Windows Analysis Report
PInstaller.exe

Overview

General Information

Sample name: PInstaller.exe
Analysis ID: 1526549
MD5: ea17d9a8373df3180020a861f91333c0
SHA1: beee77b8e24c4dd91e13f8154d180cbab37fccf2
SHA256: f5813155f25b4d8b8e3aee7b5353467973e5907dd743075676c462cff9f4acfe
Tags: exe, user-JolefanM

Detection

STRRAT
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected STRRAT
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Contains functionality for read data from the clipboard
Contains functionality to detect virtual machines (SLDT)
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • PInstaller.exe (PID: 6920 cmdline: "C:\Users\user\Desktop\PInstaller.exe" MD5: EA17D9A8373DF3180020A861F91333C0)
    • install.exe (PID: 1780 cmdline: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe MD5: 5ECD826BABBEBDD959456C471DEC6465)
      • javaw.exe (PID: 1816 cmdline: "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher MD5: 48C96771106DBDD5D42BBA3772E4B414)
  • cleanup
No configs have been found
Yara rule matches (Source; Rule; Description; Author):
Process Memory Space: javaw.exe PID: 1816; JoeSecurity_STRRAT; Yara detected STRRAT; Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
    Source: PInstaller.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\PInstaller.exe; File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
    Source: C:\Users\user\Desktop\PInstaller.exe; File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\PInstaller.exe; File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: unknown; HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: PInstaller.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_00406A05 FindFirstFileW,FindClose,0_2_00406A05
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_00402930 FindFirstFileW,0_2_00402930
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_00405DB4 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405DB4
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\

    Networking

    Source: unknown; DNS query: name: pastebin.com
    Source: Joe Sandbox View; IP Address: 104.20.3.235
    Source: Joe Sandbox View; ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View; JA3 fingerprint: 2db6873021f2a95daa7de0d93a1d1bf2
    Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic; DNS traffic detected: DNS query: pastebin.com
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/locale
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocationJ
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AAC7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://asm.objectweb.org
    Source: javaw.exe, 00000003.00000002.1985274707.000000000A813000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.2002355616.000000006E233000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drString found in binary or memory: http://bugreport.sun.com/bugreport/
    Source: javaw.exe, 00000003.00000002.2002355616.000000006E233000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drString found in binary or memory: http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B08A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crlK
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl##
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlCF
    Source: javaw.exe, 00000003.00000002.2002355616.000000006E233000.00000002.00000001.01000000.0000000A.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000A818000.00000004.00001000.00020000.00000000.sdmp, java.dll.0.drString found in binary or memory: http://java.oracle.com/
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource;
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/)
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AE6A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdR
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AE6A000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
    Source: fxplugins.dll.0.drString found in binary or memory: http://javafx.com/
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AD80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/fxml/1
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AD80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/javafx/8
    Source: fxplugins.dll.0.drString found in binary or memory: http://javafx.com/vp6decoderflvdemux
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDR
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaHJs
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet8
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature#
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, jfr.jar.0.drString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilterss
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/featureH
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature#
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature-
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature6
    Source: PInstaller.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: javaw.exe, javaw.exe, 00000003.00000003.1957496475.000000001703B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1991773621.0000000017032000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000003.1951924804.000000001701B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://null.sun.com/
    Source: PInstaller.exe, 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.example.net:80
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://openjdk.java.net/jeps/220).
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.coms
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/3
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/sq
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://s2.symcb.com0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://site.com/
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://sv.symcd.com0&
    Source: javaw.exe, 00000003.00000002.1976371401.0000000005319000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crlCk
    Source: javaw.exe, 00000003.00000002.1976371401.0000000005319000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crlK
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crlc
    Source: javaw.exe, 00000003.00000002.1976371401.000000000566B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
    Source: jfr.jar.0.drString found in binary or memory: http://www.oracle.com/hotspot/jdk/
    Source: jfr.jar.0.drString found in binary or memory: http://www.oracle.com/hotspot/jfr-info/
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp, jfr.jar.0.drString found in binary or memory: http://www.oracle.com/hotspot/jvm/
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/java/monitor/address
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/compiler/id
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/gc/id
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1991531187.0000000016EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/C:
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/is-standalone
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo%
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager;
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm;
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B08A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
    Source: javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr String found in binary or memory: http://www.symauth.com/cps0(
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr String found in binary or memory: http://www.symauth.com/rpa00
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.apache.org/xalan
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.apache.org/xpath/features/whitespace-pre-stripping
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.apache.org/xslt
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTDN
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities7
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities8
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000AE6A000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interning
    Source: javaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interningfeature
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validation
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validations
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handler
    Source: javaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handler.
    Source: javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/xml-string
    Source: javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/xml-string?
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr String found in binary or memory: https://d.symcb.com/cps0%
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr String found in binary or memory: https://d.symcb.com/rpa0
    Source: javaw.exe, 00000003.00000003.1951264881.00000000170AA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gist.github.com/maxd/63691840fc372f22f470.
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1991531187.0000000016EC6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/TsSaltan/DevelNext-jURL/releases/latest
    Source: javaw.exe, 00000003.00000002.1985274707.000000000A8CA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/gson
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.comK
    Source: javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/WhdMR234
    Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: C:\Users\user\Desktop\PInstaller.exe Code function: 0_2_0040586C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040586C
    Source: C:\Users\user\Desktop\PInstaller.exe Code function: 0_2_0040366B EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040366B
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 2_2_00405D30 2_2_00405D30
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 2_2_004013B0 2_2_004013B0
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: String function: 00406E10 appears 37 times
    Source: PInstaller.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: classification engine Classification label: mal56.troj.winEXE@5/219@1/1
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 2_2_00401ED0 GetLastError,puts,ShellExecuteA,printf,fclose,MessageBoxA,FormatMessageA,strlen,strcat,LocalFree,fprintf,fprintf,fprintf,2_2_00401ED0
    Source: C:\Users\user\Desktop\PInstaller.exe Code function: 0_2_00404B18 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404B18
    Source: C:\Users\user\Desktop\PInstaller.exe Code function: 0_2_004021CF CoCreateInstance,0_2_004021CF
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 2_2_00404740 FindResourceExA,LoadResource,LockResource,fprintf,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,strncpy,strlen,strcat,strncpy,strlen,strcat,FindResourceExA,LoadResource,LockResource,atoi,SetLastError,SetLastError,SetLastError,strcpy,fprintf,FindResourceExA,LoadResource,LockResource,atoi,strcpy,fprintf,fprintf,SetLastError,SetLastError,fprintf,2_2_00404740
    Source: C:\Users\user\Desktop\PInstaller.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Mutant created: NULL
    Source: C:\Users\user\Desktop\PInstaller.exe File created: C:\Users\user\AppData\Local\Temp\nssDA44.tmp
    Source: PInstaller.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\PInstaller.exe File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\PInstaller.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\PInstaller.exe File read: C:\Users\user\Desktop\PInstaller.exe
    Source: unknown Process created: C:\Users\user\Desktop\PInstaller.exe "C:\Users\user\Desktop\PInstaller.exe"
    Source: C:\Users\user\Desktop\PInstaller.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: oleacc.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: shfolder.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: acgenral.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: winmm.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: samcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: msacm32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: version.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: mpr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: aclayers.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: sfc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: acgenral.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: winmm.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: samcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: msacm32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: version.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: mpr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: aclayers.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: sfc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wsock32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: profapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dpapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: mswsock.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dhcpcsvc6.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dhcpcsvc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: d3d9.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: d3d10warp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: resourcepolicyclient.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dxcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dwrite.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: windowscodecs.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dataexchange.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: d3d11.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dcomp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: dxgi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: twinapi.appcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: textinputframework.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: coreuicomponents.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wintypes.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: napinsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: wshbth.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: winrnr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\PInstaller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: PInstaller.exe Static file information: File size 58639106 > 1048576
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: PInstaller.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000003.00000002.2002355616.000000006E233000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000003.00000002.2000391361.000000006C037000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000003.00000002.2002355616.000000006E233000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb9 source: mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000003.00000002.1997227041.000000006B409000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000003.00000002.2000685361.000000006C08D000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000003.00000002.2002514380.000000006F986000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: javaw.exe, 00000003.00000002.1996049209.000000006ADD4000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, 00000003.00000002.1973447456.0000000000DDC000.00000002.00000001.01000000.00000006.sdmp, javaw.exe, 00000003.00000000.1897955244.0000000000DDC000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: lcms.dll.0.dr
    Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^DkdwBk source: javaw.exe, 00000003.00000002.1997227041.000000006B409000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000003.00000002.2001972892.000000006C471000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000003.00000002.2000391361.000000006C037000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
    Source: Binary string: msvcr120.i386.pdb source: javaw.exe, 00000003.00000002.1999710623.000000006BF41000.00000020.00000001.01000000.0000000E.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000003.00000002.2002220765.000000006DB4A000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, 00000003.00000002.1999224847.000000006BEC1000.00000020.00000001.01000000.0000000F.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb source: mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000003.00000002.1996512018.000000006ADF3000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000003.00000002.1996512018.000000006ADF3000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: jawt.dll.0.dr
    Source: jfxwebkit.dll.0.drStatic PE information: section name: .unwante
    Source: prism_sw.dll.0.drStatic PE information: section name: _RDATA
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 3_3_170250D7 push cs; ret 3_3_17025176
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 3_3_16FCCC30 push eax; retf 3_3_16FCCC51
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 3_3_16FABDA6 push eax; ret 3_3_16FABDA9
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 3_3_16FADA9A push eax; ret 3_3_16FADA9D
    Source: msvcr100.dll.0.drStatic PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr100.dll0.0.drStatic PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr120.dll.0.drStatic PE information: section name: .text entropy: 6.95576372950548
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_d3d.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cplJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\verify.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssv.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunec.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\wsdetect.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\zip.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunmscapi.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_sw.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txtJump to behavior
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txtJump to behavior
    Source: C:\Users\user\Desktop\PInstaller.exeFile created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txtJump to behavior
    Source: C:\Users\user\Desktop\PInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exeCode function: 3_3_17023E4C sldt word ptr [eax]3_3_17023E4C
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_d3d.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cplJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\verify.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssv.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunec.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\wsdetect.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dllJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exeJump to dropped file
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\zip.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunmscapi.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_sw.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_00406A05 FindFirstFileW,FindClose,0_2_00406A05
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_00402930 FindFirstFileW,0_2_00402930
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_00405DB4 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405DB4
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\AppData\Roaming\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; File opened: C:\Users\user\
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp; Binary or memory string: l{constant pool}code cache C-heap hand metaspace chunks dict zone strs syms heap threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool()) failedvtable restored by this call<pseudo-string> cache=0x%08x (extra) for /operands[%d]/preresolutionconstant pool [%d]A constant pool lockC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\constantPool.cppguarantee(!ConstantPool::is_invokedynamic_index(which)) failedan invokedynamic instruction does not have a klassRESOLVE %s %s
    Source: javaw.exe, 00000003.00000003.1898754307.00000000156CC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp, classlist.0.dr; Binary or memory string: java/lang/VirtualMachineError
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp; Binary or memory string: Unable to link/verify VirtualMachineError class
    Source: javaw.exe, 00000003.00000002.1974453691.000000000151B000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
    Source: javaw.exe, 00000003.00000003.1898754307.00000000156CC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
    Source: javaw.exe, 00000003.00000002.1975550538.0000000003030000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: cjava/lang/VirtualMachineError
    Source: javaw.exe, 00000003.00000002.1975550538.0000000003030000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: t[Ljava/lang/VirtualMachineError;
    Source: javaw.exe, 00000003.00000003.1898754307.00000000156CC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp; Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
    Source: javaw.exe, 00000003.00000003.1898754307.00000000156CC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: java/lang/VirtualMachineError.classPK
    Source: javaw.exe, 00000003.00000002.1975550538.0000000003030000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: lVirtualMachineError.java
    Source: C:\Users\user\Desktop\PInstaller.exe; API call chain: ExitProcess graph end node graph_0-3498
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe; Code function: 2_2_00401150 SetUnhandledExceptionFilter,__getmainargs,_iob,_iob,_setmode,_iob,_iob,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,2_2_00401150
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; Memory protected: page read and write | page guard
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe; Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe; Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "c:\users\user\appdata\roaming\installerpdw\jre\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\copyright;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\license;jre\readme.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\thirdpartylicensereadme-javafx.txt;jre\thirdpartylicensereadme.txt;jre\welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
    Source: C:\Users\user\Desktop\PInstaller.exe; Code function: 0_2_0040366B EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040366B
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match; File source: Process Memory Space: javaw.exe PID: 1816, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match; File source: Process Memory Space: javaw.exe PID: 1816, type: MEMORYSTR

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
    Execution: Command and Scripting Interpreter (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
    Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
    Privilege Escalation: Access Token Manipulation (1); Process Injection (11); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
    Defense Evasion: Masquerading (11); Virtualization/Sandbox Evasion (1); Disable or Modify Tools (1); Access Token Manipulation (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (1); DLL Side-Loading (1)
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
    Discovery: Security Software Discovery (1); Virtualization/Sandbox Evasion (1); File and Directory Discovery (3); System Information Discovery (4); Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
    Collection: Archive Collected Data (1); Clipboard Data (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
    Command and Control: Web Service (1); Encrypted Channel (12); Non-Application Layer Protocol (1); Application Layer Protocol (2); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

    Source | Detection | Scanner
    PInstaller.exe | 7% | Virustotal
    PInstaller.exe | 3% | ReversingLabs
    Source | Detection | Scanner
    C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | 3% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cpl | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll | 0% | ReversingLabs
    No Antivirus matches
    Source | Detection | Scanner
    pastebin.com | 0% | Virustotal
    Source | Detection | Scanner | Label
    http://repository.swisssign.com/0 | 0% | URL Reputation | safe
    http://bugreport.sun.com/bugreport/ | 0% | URL Reputation | safe
    http://java.oracle.com/ | 0% | URL Reputation | safe
    http://www.symauth.com/cps0( | 0% | URL Reputation | safe
    http://www.symauth.com/rpa00 | 0% | URL Reputation | safe
    http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe
    http://www.quovadisglobal.com/cps0 | 0% | URL Reputation | safe
    http://apache.org/xml/properties/input-buffer-size | 0% | Virustotal |
    http://apache.org/xml/features/validation/schema/augment-psvi | 0% | Virustotal |
    http://apache.org/xml/properties/internal/entity-manager | 0% | Virustotal |
    HTTP://WWW.CHAMBERSIGN.ORG | 0% | Virustotal |
    http://repository.swisssign.com/3 | 0% | Virustotal |
    http://apache.org/xml/features/dom/include-ignorable-whitespace | 0% | Virustotal |
    http://javafx.com/fxml/1 | 0% | Virustotal |
    http://apache.org/xml/properties/internal/stax-entity-resolver | 0% | Virustotal |
    http://www.oracle.com/hotspot/jvm/vm/compiler/id | 0% | Virustotal |
    http://apache.org/xml/features/xinclude/fixup-base-uris | 0% | Virustotal |
    http://apache.org/xml/features/internal/parser-settings | 0% | Virustotal |
    http://apache.org/xml/properties/internal/error-reporter | 0% | Virustotal |
    http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation | 0% | Virustotal |
    http://java.sun.com/xml/dom/properties/ | 0% | Virustotal |
    http://apache.org/xml/properties/internal/namespace-binderA | 0% | Virustotal |
    http://www.oracle.com/hotspot/jvm/java/monitor/address | 0% | Virustotal |
    http://apache.org/xml/features/include-comments | 0% | Virustotal |
    http://apache.org/xml/properties/schema/external-schemaLocationJ | 0% | Virustotal |
    http://apache.org/xml/features/scanner/notify-char-refs | 0% | Virustotal |
    http://apache.org/xml/properties/internal/symbol-table6 | 0% | Virustotal |
    http://apache.org/xml/features/validation/schema: | 0% | Virustotal |
    https://gist.github.com/maxd/63691840fc372f22f470. | 0% | Virustotal |
    http://apache.org/xml/features/namespacesY | 0% | Virustotal |
    http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3 | 0% | Virustotal |
    http://apache.org/xml/properties/dom/current-element-node7 | 0% | Virustotal |
    http://java.sun.com/xml/stream/properties/ignore-external-dtd | 0% | Virustotal |
    http://apache.org/xml/properties/internal/document-scanner | 0% | Virustotal |
    http://apache.org/xml/features/continue-after-fatal-error | 0% | Virustotal |
    http://www.oracle.com/hotspot/jdk/ | 0% | Virustotal |
    http://www.certplus.com/CRL/class2.crl | 0% | Virustotal |
    http://apache.org/xml/features/generate-synthetic-annotations | 0% | Virustotal |
    http://apache.org/xml/features/standard-uri-conformant | 0% | Virustotal |
    http://www.oracle.com/technetwork/java/javaseproducts/C: | 0% | Virustotal |
    http://apache.org/xml/features/ | 0% | Virustotal |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    pastebin.com | 104.20.3.235 | true | true | | unknown
    Name | Source | Malicious | Antivirus Detection | Reputation
                      unknown
                      http://xml.org/sax/features/string-interningfeaturejavaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                        unknown
                        http://crl.securetrust.com/STCA.crljavaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpfalse
                          unknown
                          http://javax.xml.XMLConstants/property/accessExternalSchemaHJsjavaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmpfalse
                            unknown
                            http://apache.org/xml/properties/internal/namespace-binderjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                              unknown
                              http://www.oracle.com/hotspot/jvm/vm/gc/idjavaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpfalse
                                unknown
                                http://www.symauth.com/rpa00fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drfalse
                                • URL Reputation: safe
                                unknown
                                http://apache.org/xml/features/validate-annotations9javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                  unknown
                                  http://www.oracle.com/xml/is-standalonejavaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpfalse
                                    unknown
                                    http://java.sun.com/xml/stream/properties/ignore-external-dtdRjavaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      http://javax.xml.transform.sax.SAXTransformerFactory/featurejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, jfr.jar.0.drfalse
                                        unknown
                                        http://javafx.com/vp6decoderflvdemuxfxplugins.dll.0.drfalse
                                          unknown
                                          http://javax.xml.XMLConstants/property/accessExternalStylesheetjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            http://apache.org/xml/properties/security-managerjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              http://www.oracle.com/technetwork/java/javaseproducts/javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpfalse
                                                unknown
                                                http://java.sun.com/xml/dom/properties/ancestor-checkjavaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  http://xml.apache.org/xsltjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    unknown
                                                    http://www.oracle.com/hotspot/jvm/javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmp, jfr.jar.0.drfalse
                                                      unknown
                                                      http://javax.xml.transform.stax.StAXResult/featurejavaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        http://asm.objectweb.orgjavaw.exe, 00000003.00000002.1985274707.000000000AAC7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          unknown
                                                          http://policy.camerfirma.comsjavaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            unknown
                                                            http://apache.org/xml/features/validation/warn-on-duplicate-attdef:javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://apache.org/xml/features/xincludejavaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                unknown
                                                                http://apache.org/xml/features/validation/schema-full-checkingjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  http://javax.xml.XMLConstants/property/javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://apache.org/xml/properties/internal/dtd-scanner7javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      http://openjdk.java.net/jeps/220).javaw.exe, 00000003.00000002.2001338707.000000006C361000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                        unknown
                                                                        http://apache.org/xml/properties/internal/grammar-pooljavaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          http://apache.org/xml/properties/localejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            http://java.sun.com/xml/stream/properties/reader-in-defined-statejavaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://www.quovadisglobal.com/cps0javaw.exe, 00000003.00000002.1985274707.000000000AFDE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crljavaw.exe, 00000003.00000002.1976371401.0000000005319000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilterssjavaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  http://apache.org/xml/features/allow-java-encodingsjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    http://apache.org/xml/properties/internal/validator/dtdDjavaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      http://www.oracle.com/feature/use-service-mechanismjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        http://xml.org/sax/features/validationsjavaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          http://javax.xml.XMLConstants/property/accessExternalDTDjavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            http://apache.org/xml/xmlschema/1.0/anonymousTypesjavaw.exe, 00000003.00000003.1957826795.0000000015E55000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              http://javax.xml.transform.stream.StreamSource/featurejavaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                http://apache.org/xml/features/validation/schema/normalized-valuejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  http://javax.xml.transform.stax.StAXSource/feature#javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    http://apache.org/xml/features/xinclude/fixup-languagejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      http://javax.xml.transform.dom.DOMSource/featurejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989115644.0000000015863000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://github.com/TsSaltan/DevelNext-jURL/releases/latestjavaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1991531187.0000000016EC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          http://www.quovadisglobal.com/cpsjavaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B08A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            http://apache.org/xml/properties/dom/document-class-namejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                http://apache.org/xml/properties/internal/symbol-tablejavaw.exe, 00000003.00000002.1985274707.000000000ABEB000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  http://apache.org/xml/properties/internal/error-handler=javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://www.quovadis.bmjavaw.exe, 00000003.00000002.1985274707.000000000B1D6000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000003.00000002.1985274707.000000000B0A5000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      http://apache.org/xml/features/xincludeCjavaw.exe, 00000003.00000002.1989115644.0000000015725000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://xml.org/sax/properties/xml-string?javaw.exe, 00000003.00000002.1989866648.0000000015DD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
IP:104.20.3.235
Domain:pastebin.com
Country:United States
ASN:13335
ASN Name:CLOUDFLARENETUS
Malicious:true
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1526549
Start date and time:2024-10-06 09:30:13 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 39s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:PInstaller.exe
Detection:MAL
Classification:mal56.troj.winEXE@5/219@1/1
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 37
• Number of non-executed functions: 68
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target javaw.exe, PID 1816 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
No simulations
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 104.20.3.235 | sostener.vbs | malicious | Njrat | pastebin.com/raw/V9y5Q5vv |
| 104.20.3.235 | SX8OLQP63C.exe | malicious | VjW0rm, AsyncRAT, RATDispenser | pastebin.com/raw/V9y5Q5vv |
| 104.20.3.235 | sostener.vbs | malicious | Remcos | pastebin.com/raw/V9y5Q5vv |
| 104.20.3.235 | New Voicemail Invoice 64746w .js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr |
| 104.20.3.235 | Invoice-883973938.js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr |
| 104.20.3.235 | 2024 12_59_31 a.m..js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr |
| 104.20.3.235 | PendingInvoiceBankDetails.JS.js | malicious | WSHRAT | pastebin.com/raw/NsQ5qTHr |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| pastebin.com | ra66DSpa.exe | malicious | XWorm | 104.20.4.235 |
| pastebin.com | tMREqVW0.exe | malicious | XWorm | 104.20.3.235 |
| pastebin.com | wSVyC8FY.exe | malicious | XWorm | 172.67.19.24 |
| pastebin.com | vb.vbs | malicious | AsyncRAT, PureLog Stealer | 104.20.3.235 |
| pastebin.com | tYeFOUhVLd.exe | malicious | RedLine | 104.20.3.235 |
| pastebin.com | SKMBT_77122012816310TD0128_17311_XLS.vbs | malicious | Remcos | 104.20.4.235 |
| pastebin.com | sostener.vbs | malicious | Njrat | 104.20.4.235 |
| pastebin.com | sostener.vbs | malicious | XWorm | 104.20.4.235 |
                                                                                                                          3.dllGet hashmaliciousUnknownBrowse
                                                                                                                          • 104.20.3.235
                                                                                                                          6.dllGet hashmaliciousUnknownBrowse
                                                                                                                          • 104.20.4.235
Match: CLOUDFLARENETUS
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
file.exe | Get hash | malicious | LummaC | Browse | 172.67.151.30
updater.exe | Get hash | malicious | Xmrig | Browse | 172.67.162.29
file.exe | Get hash | malicious | LummaC | Browse | 172.67.151.30
http://www.grandsignatureyercaud.com/ | Get hash | malicious | Unknown | Browse | 104.21.51.144
http://www.nesianlife.com/ | Get hash | malicious | Unknown | Browse | 104.18.39.195
https://daf2019.com/8/02 | Get hash | malicious | Unknown | Browse | 172.65.190.172
https://blmphilly.com/ | Get hash | malicious | Unknown | Browse | 172.66.0.227
Match: 2db6873021f2a95daa7de0d93a1d1bf2
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
123.sfx.exe | Get hash | malicious | STRRAT | Browse | 104.20.3.235
Match: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
123.sfx.exe | Get hash | malicious | STRRAT | Browse
EYOFFTITMDLXZJFFCCGFDTBIY.msi | Get hash | malicious | Unknown | Browse
SSCBOLGZFXVJMEICRNQMJOCDIF.msi | Get hash | malicious | Unknown | Browse
BOCTGZXINFFCD20242108.msi | Get hash | malicious | Unknown | Browse
PGCTGZXFCD20242008.msi | Get hash | malicious | Unknown | Browse
CloudInstaller.zip | Get hash | malicious | Unknown | Browse
uChcvn3L6R.exe | Get hash | malicious | DCRat | Browse
uChcvn3L6R.exe | Get hash | malicious | DCRat | Browse
Advanced_IP_Scanner_2.5.4594.1 (1).exe | Get hash | malicious | Unknown | Browse
New Soft Update.exe | Get hash | malicious | Unknown | Browse
                                                                                                                                              Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):64
                                                                                                                                              Entropy (8bit):4.69868417945087
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:oNt+kiEaKC5FXmhFs0Xy:oNwknaZ5FXmf7i
                                                                                                                                              MD5:12BAA52F2E4281D4846C2EBE4EDF2938
                                                                                                                                              SHA1:47761D39E0DE2FE6232097F7CFB7F3A5AFB77BD9
                                                                                                                                              SHA-256:EFD1BC513200C64FC69F0F162375643FC15D463D50BC79E24F09AB07047C7C47
                                                                                                                                              SHA-512:7AE8EED1B37B1EC94329F50D514A3034C4A9F4E3FFBCA6568CCBB5333F8560C906C9D178E62BB4A608563CA34D17CFCEB19CCBC850059DD613F2A69FBBBB7D16
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:C:\Users\user\AppData\Roaming\InstallerPDW\jre..1728199887712..
                                                                                                                                              Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):65536
                                                                                                                                              Entropy (8bit):1.3790048024412722
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:e6RreWRa8G+cAAdGiaFbMR4MVbJ+TUSCa37rX61BMzJ2nrW2UO:e6cAa8G+cJdGhXMKAG7rX61BMzJ2nrF
                                                                                                                                              MD5:247291AF53A8AF91F1F57FF39185FD00
                                                                                                                                              SHA1:B9A52ACBDAA6B6B01FC54FCE62A5D48D6878854D
                                                                                                                                              SHA-256:05CB07AA2FF6F48E19E262FB892B5D1079F1370A3138F1E007A201A30898FCA8
                                                                                                                                              SHA-512:A1E9C39816DAF79F4BE0A77E7CC379A600B7F2B89984842AABE6BA1775DF8C8693367CE547A3CDFB4D10253DEDF4E8D85823F58B2762E174C78F912BE7828C07
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:.........;......k("..... .......8...........J...0...sun.rt._sync_Inflations.....-.......8...........J...0...sun.rt._sync_Deflations.....+.......@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..L.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..?.......8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):161465692
                                                                                                                                              Entropy (8bit):6.70933895101626
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1572864:08nnAcje4a6u24/Zcv/GhiQs0GZTjjY1UWB4Lc:JNJa61b5Tjj/5Lc
                                                                                                                                              MD5:376BF19DA46424069AFBA0B6A1F6656D
                                                                                                                                              SHA1:662ECAA8416C1E762A42011403891452A2E2260C
                                                                                                                                              SHA-256:84FB806D3C57C082E1D79A3CF073C48E1AF5AF1D31CDFB2846DEAACF89F1A248
                                                                                                                                              SHA-512:8F243F3B16DCDECA8FEB019E8EA1C315066E7BF4B367D3EFCF62DB546FF7183D27DB4D35533245A51A14CF12376468F272235DBE6C5AE5791FC971271BF11E4B
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:low
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):139264
                                                                                                                                              Entropy (8bit):4.666971952850818
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:JZ2FWSNhd/4131iP08SKKAP7wBwp8wZtE:r2ddQ131ispKJP7w2p
                                                                                                                                              MD5:5ECD826BABBEBDD959456C471DEC6465
                                                                                                                                              SHA1:F94A596B742C0653FF7201469F133108F17B46E9
                                                                                                                                              SHA-256:B2BE43C010BC0D268A42A11296829E088D7EEF81CC39BFCDC0B9F0E9A65717EA
                                                                                                                                              SHA-512:30563A15786F245E4A7FF1B8996F302DBF4B1D4950098D6899815B5065D3058B290A81B6564C19C85CFCD425C08C9F6BAC5BC31BA95773978F9A9C5CDE123D38
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                              Reputation:low
                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v.f.................b........................@..................................1....@... ..............................0.......@..F............................................................................2...............................text....`.......b.................. .0`.data...@............f..............@.0..rdata...............h..............@.0@.bss....0.............................0..idata.......0.......n..............@.0..rsrc...F....@.......z..............@.0.................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3313
                                                                                                                                              Entropy (8bit):4.557128068430301
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                                                                                                                              MD5:FC605D978E7825595D752DF2EF03F8AF
                                                                                                                                              SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                                                                                                                              SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                                                                                                                              SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                              Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):41
                                                                                                                                              Entropy (8bit):4.271470906740504
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                                                                                                                                              MD5:67CB88F6234B6A1F2320A23B197FA3F6
                                                                                                                                              SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                                                                                                                                              SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                                                                                                                                              SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                              Preview:Please refer to http://java.com/license..
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):47
                                                                                                                                              Entropy (8bit):4.2563005536211715
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                                                                                                                                              MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                                                                                                                                              SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                                                                                                                                              SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                                                                                                                                              SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                                                                                                                                              Malicious:false
                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                              Preview:Please refer to http://java.com/licensereadme..
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):111645
                                                                                                                                              Entropy (8bit):4.8590909329531025
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                                                                                                                                              MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                                                                                                                                              SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                                                                                                                                              SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                                                                                                                                              SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):180668
                                                                                                                                              Entropy (8bit):5.064180003233063
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
                                                                                                                                              MD5:0E87879F452892B85C81071A1DDD5A2A
                                                                                                                                              SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
                                                                                                                                              SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
                                                                                                                                              SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):983
                                                                                                                                              Entropy (8bit):5.135635144562017
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
                                                                                                                                              MD5:3CB773CB396842A7A43AD4868A23ABE5
                                                                                                                                              SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
                                                                                                                                              SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
                                                                                                                                              SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):247787
                                                                                                                                              Entropy (8bit):7.915391305945515
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
                                                                                                                                              MD5:F5AD16C7F0338B541978B0430D51DC83
                                                                                                                                              SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
                                                                                                                                              SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
                                                                                                                                              SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14912
                                                                                                                                              Entropy (8bit):6.141852308272967
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                                                                                                                              MD5:D63933F4E279A140CC2A941CCFF38348
                                                                                                                                              SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                                                                                                                              SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                                                                                                                              SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Joe Sandbox View:
                                                                                                                                              • Filename: 123.sfx.exe, Detection: malicious
                                                                                                                                              • Filename: EYOFFTITMDLXZJFFCCGFDTBIY.msi, Detection: malicious
                                                                                                                                              • Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious
                                                                                                                                              • Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious
                                                                                                                                              • Filename: PGCTGZXFCD20242008.msi, Detection: malicious
                                                                                                                                              • Filename: CloudInstaller.zip, Detection: malicious
                                                                                                                                              • Filename: uChcvn3L6R.exe, Detection: malicious
                                                                                                                                              • Filename: uChcvn3L6R.exe, Detection: malicious
                                                                                                                                              • Filename: Advanced_IP_Scanner_2.5.4594.1 (1).exe, Detection: malicious
                                                                                                                                              • Filename: New Soft Update.exe, Detection: malicious
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14912
                                                                                                                                              Entropy (8bit):6.1347115439165085
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                                                                                                                              MD5:B4EB9B43C293074406ADCA93681BF663
                                                                                                                                              SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                                                                                                                              SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                                                                                                                              SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):128064
                                                                                                                                              Entropy (8bit):6.428684952829155
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                                                                                                                              MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                                                                                                                              SHA1:006163A07052F3D227C2E541691691B4567F5550
                                                                                                                                              SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                                                                                                                              SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):127552
                                                                                                                                              Entropy (8bit):6.413283221897154
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                                                                                                                              MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                                                                                                                              SHA1:6F77920776D39550355B146D672C199A3941F908
                                                                                                                                              SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                                                                                                                              SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):97856
                                                                                                                                              Entropy (8bit):6.467907542894502
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                                                                                                                                              MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                                                                                                                                              SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                                                                                                                                              SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                                                                                                                                              SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):95808
                                                                                                                                              Entropy (8bit):6.48897048228647
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                                                                                                                              MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                                                                                                                              SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                                                                                                                              SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                                                                                                                              SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1182272
                                                                                                                                              Entropy (8bit):6.63089480914076
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                                                                                                                              MD5:159CCF1200C422CED5407FED35F7E37D
                                                                                                                                              SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                                                                                                                              SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                                                                                                                              SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15424
                                                                                                                                              Entropy (8bit):6.380726588633652
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                                                                                                                              MD5:A46289384F76C2A41BA7251459849288
                                                                                                                                              SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                                                                                                                              SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                                                                                                                              SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1447
                                                                                                                                              Entropy (8bit):4.228834598358894
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                                                                                                                              MD5:F4188DEB5103B6D7015B2106938BFA23
                                                                                                                                              SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                                                                                                                              SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                                                                                                                              SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3857984
                                                                                                                                              Entropy (8bit):6.850425436805504
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                                                                                                                              MD5:39C302FE0781E5AF6D007E55F509606A
                                                                                                                                              SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                                                                                                                              SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                                                                                                                              SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):142912
                                                                                                                                              Entropy (8bit):7.350682736920136
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                                                                                                                              MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                                                                                                                              SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                                                                                                                              SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                                                                                                                              SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):64064
                                                                                                                                              Entropy (8bit):6.338192715882019
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                                                                                                                                              MD5:B04ABE76C4147DE1D726962F86473CF2
                                                                                                                                              SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                                                                                                                                              SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                                                                                                                                              SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):453184
                                                                                                                                              Entropy (8bit):6.516599034237354
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                                                                                                                                              MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                                                                                                                                              SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                                                                                                                                              SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                                                                                                                                              SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):25152
                                                                                                                                              Entropy (8bit):6.627329311560644
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                                                                                                                                              MD5:72B7054811A72D9D48C95845F93FCD2C
                                                                                                                                              SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                                                                                                                                              SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                                                                                                                                              SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21568
                                                                                                                                              Entropy (8bit):6.601333059222365
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                                                                                                                                              MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                                                                                                                                              SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                                                                                                                                              SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                                                                                                                                              SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):827456
                                                                                                                                              Entropy (8bit):6.022966185458799
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                                                                                                                              MD5:E741028613B1FC49EC5A899BE6E3FC34
                                                                                                                                              SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                                                                                                                              SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                                                                                                                              SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):907328
                                                                                                                                              Entropy (8bit):6.160830535423145
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                                                                                                                              MD5:4FD3548990CAF9771B688532DEF5DE48
                                                                                                                                              SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                                                                                                                              SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                                                                                                                              SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):109120
                                                                                                                                              Entropy (8bit):5.986571003903383
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                                                                                                                              MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                                                                                                                              SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                                                                                                                              SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                                                                                                                              SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):223296
                                                                                                                                              Entropy (8bit):6.501845596055873
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                                                                                                                              MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                                                                                                                              SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                                                                                                                              SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                                                                                                                              SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):151104
                                                                                                                                              Entropy (8bit):6.548096027649263
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                                                                                                                              MD5:7A710F90A74981C2F060FA361D094822
                                                                                                                                              SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                                                                                                                              SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                                                                                                                              SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):200768
                                                                                                                                              Entropy (8bit):6.431501859060678
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                                                                                                                              MD5:434CBB561D7F326BBEFFA2271ECC1446
                                                                                                                                              SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                                                                                                                              SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                                                                                                                              SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):400960
                                                                                                                                              Entropy (8bit):6.165546757090391
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                                                                                                                              MD5:767BBA46789597B120D01E48A685811E
                                                                                                                                              SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                                                                                                                              SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                                                                                                                              SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):514112
                                                                                                                                              Entropy (8bit):6.805344203686025
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                                                                                                                              MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                                                                                                                              SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                                                                                                                              SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                                                                                                                              SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):132672
                                                                                                                                              Entropy (8bit):6.708436670828807
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                                                                                                                              MD5:6376B76728E4A873B2BB7233CBCD5659
                                                                                                                                              SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                                                                                                                              SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                                                                                                                              SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):115776
                                                                                                                                              Entropy (8bit):6.787384437276838
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                                                                                                                              MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                                                                                                                              SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                                                                                                                              SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                                                                                                                              SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16448
                                                                                                                                              Entropy (8bit):6.490137326885244
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                                                                                                                              MD5:1F004C428E01F8BEB07B52EB9659A661
                                                                                                                                              SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                                                                                                                              SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                                                                                                                              SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):51264
                                                                                                                                              Entropy (8bit):6.576803205025954
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                                                                                                                              MD5:3A744B78C57CFADC772C6DE406B6B31E
                                                                                                                                              SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                                                                                                                              SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                                                                                                                              SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):19520
                                                                                                                                              Entropy (8bit):6.452867740862137
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                                                                                                                              MD5:503275E515E3F2770A62D11E386EADBF
                                                                                                                                              SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                                                                                                                              SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                                                                                                                              SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):30784
                                                                                                                                              Entropy (8bit):6.413942547146628
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                                                                                                                              MD5:530D5597E565654D378F3C87654CCABA
                                                                                                                                              SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                                                                                                                              SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                                                                                                                              SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.466457942735197
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                                                                                                                              MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                                                                                                                              SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                                                                                                                              SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                                                                                                                              SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):126528
                                                                                                                                              Entropy (8bit):6.8082748642937725
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                                                                                                                              MD5:73BD0B62B158C5A8D0CE92064600620D
                                                                                                                                              SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                                                                                                                              SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                                                                                                                              SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):191040
                                                                                                                                              Entropy (8bit):6.75061028420578
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                                                                                                                              MD5:E3E51A21B00CDDE757E4247257AA7891
                                                                                                                                              SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                                                                                                                              SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                                                                                                                              SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):23616
                                                                                                                                              Entropy (8bit):6.620094371728742
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                                                                                                                              MD5:1C47DD47EBD106C9E2279C7FCB576833
                                                                                                                                              SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                                                                                                                              SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                                                                                                                              SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):160256
                                                                                                                                              Entropy (8bit):6.469497559123052
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                                                                                                                              MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                                                                                                                              SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                                                                                                                              SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                                                                                                                              SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):70208
                                                                                                                                              Entropy (8bit):6.353501201479367
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                                                                                                                              MD5:C2A59C7343D370BC57765896490331E5
                                                                                                                                              SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                                                                                                                              SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                                                                                                                              SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):57408
                                                                                                                                              Entropy (8bit):6.6711491011490285
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                                                                                                                                              MD5:AEADA06201BB8F5416D5F934AAA29C87
                                                                                                                                              SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                                                                                                                                              SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                                                                                                                                              SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):446528
                                                                                                                                              Entropy (8bit):6.603555069382601
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                                                                                                                                              MD5:8AE40822B18B10494527CA3842F821D9
                                                                                                                                              SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                                                                                                                                              SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                                                                                                                                              SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):126016
                                                                                                                                              Entropy (8bit):6.608910794554507
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                                                                                                                                              MD5:01706B7997730EAA9E2C3989A1847CA6
                                                                                                                                              SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                                                                                                                                              SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                                                                                                                                              SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):191552
                                                                                                                                              Entropy (8bit):6.744419946343284
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                                                                                                                                              MD5:48C96771106DBDD5D42BBA3772E4B414
                                                                                                                                              SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                                                                                                                                              SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                                                                                                                                              SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):269888
                                                                                                                                              Entropy (8bit):6.418120581797452
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                                                                                                                                              MD5:F8211DB97BF852C3292C3E9C710C19D9
                                                                                                                                              SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                                                                                                                                              SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                                                                                                                                              SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):13888
                                                                                                                                              Entropy (8bit):6.274978807671468
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                                                                                                                                              MD5:0291BA5765EE11F36C0040B1F6E821FB
                                                                                                                                              SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                                                                                                                                              SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                                                                                                                                              SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):163904
                                                                                                                                              Entropy (8bit):6.783788147675078
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                                                                                                                              MD5:6E08D65F5CBB85E51010F36A84FC181D
                                                                                                                                              SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                                                                                                                              SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                                                                                                                              SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):22592
                                                                                                                                              Entropy (8bit):6.620820751411794
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                                                                                                                              MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                                                                                                                              SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                                                                                                                              SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                                                                                                                              SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):115264
                                                                                                                                              Entropy (8bit):6.588792190592223
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                                                                                                                              MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                                                                                                                              SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                                                                                                                              SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                                                                                                                              SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):33934912
                                                                                                                                              Entropy (8bit):6.35314231534845
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                                                                                                                              MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                                                                                                                              SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                                                                                                                              SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                                                                                                                              SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.475020301731584
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                                                                                                                              MD5:4F11D43AA2215CE771DA528878F01C8E
                                                                                                                                              SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                                                                                                                              SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                                                                                                                              SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):158784
                                                                                                                                              Entropy (8bit):6.816453355323999
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                                                                                                                              MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                                                                                                                              SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                                                                                                                              SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                                                                                                                              SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):207424
                                                                                                                                              Entropy (8bit):6.630800216665857
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                                                                                                                              MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                                                                                                                              SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                                                                                                                              SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                                                                                                                              SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):82496
                                                                                                                                              Entropy (8bit):6.597347722250847
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                                                                                                                              MD5:5F85F7F2DFAC397D642834B61809240F
                                                                                                                                              SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                                                                                                                              SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                                                                                                                              SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):19008
                                                                                                                                              Entropy (8bit):6.372096409611824
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                                                                                                                              MD5:4023E25F92B5F13E792901BF112A8EA2
                                                                                                                                              SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                                                                                                                              SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                                                                                                                              SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):186944
                                                                                                                                              Entropy (8bit):6.612459610032652
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                                                                                                                              MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                                                                                                                              SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                                                                                                                              SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                                                                                                                              SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):145984
                                                                                                                                              Entropy (8bit):6.69725055196282
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                                                                                                                              MD5:4294D39CC9E5F23754D41B9DDE710112
                                                                                                                                              SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                                                                                                                              SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                                                                                                                              SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16448
                                                                                                                                              Entropy (8bit):6.482296988184946
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                                                                                                                              MD5:4BDF31D370F8A893A22820A3B291CC1D
                                                                                                                                              SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                                                                                                                              SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                                                                                                                              SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):30784
                                                                                                                                              Entropy (8bit):6.609051738644882
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                                                                                                                              MD5:7BD914407C6D236B27865A8C63147B7F
                                                                                                                                              SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                                                                                                                              SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                                                                                                                              SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):27712
                                                                                                                                              Entropy (8bit):6.6264206752006825
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                                                                                                                              MD5:6280201C1918EA3293919BB282D2B563
                                                                                                                                              SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                                                                                                                              SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                                                                                                                              SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):178240
                                                                                                                                              Entropy (8bit):6.793245389378621
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                                                                                                                              MD5:BF299F73480AF97A750492E043D1FADD
                                                                                                                                              SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                                                                                                                              SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                                                                                                                              SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.474237923131844
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                                                                                                                              MD5:9A4CF09834F086568DF469E3F670BF07
                                                                                                                                              SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                                                                                                                              SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                                                                                                                              SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.477340414037824
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                                                                                                                              MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                                                                                                                              SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                                                                                                                              SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                                                                                                                              SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.477747126356611
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                                                                                                                              MD5:CA17B8CBD623477C5D1D334B79890225
                                                                                                                                              SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                                                                                                                              SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                                                                                                                              SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.476844183458217
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                                                                                                                              MD5:B4AD335E868693F009B7644E2ED555C1
                                                                                                                                              SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                                                                                                                              SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                                                                                                                              SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):185920
                                                                                                                                              Entropy (8bit):6.517453559791758
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                                                                                                                              MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                                                                                                                              SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                                                                                                                              SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                                                                                                                              SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):33344
                                                                                                                                              Entropy (8bit):6.5580840927675945
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                                                                                                                              MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                                                                                                                              SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                                                                                                                              SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                                                                                                                              SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):574528
                                                                                                                                              Entropy (8bit):6.508068830472597
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                                                                                                                              MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                                                                                                                              SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                                                                                                                              SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                                                                                                                              SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):455328
                                                                                                                                              Entropy (8bit):6.698367093574994
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                              MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                              SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                              SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                              SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):773968
                                                                                                                                              Entropy (8bit):6.901569696995594
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                              MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                              SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                              SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                              SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):970912
                                                                                                                                              Entropy (8bit):6.9649735952029515
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                              MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                              SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                              SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                              SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):79936
                                                                                                                                              Entropy (8bit):6.675027571633986
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                                                                                                                                              MD5:691B937A898271EE2CFFAB20518B310B
                                                                                                                                              SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                                                                                                                                              SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                                                                                                                                              SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):51264
                                                                                                                                              Entropy (8bit):6.565433654691718
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                                                                                                                              MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                                                                                                                              SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                                                                                                                              SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                                                                                                                              SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):17472
                                                                                                                                              Entropy (8bit):6.403594687791098
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                                                                                                                              MD5:94CAADA66F6316A9415A025C68388A18
                                                                                                                                              SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                                                                                                                              SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                                                                                                                              SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16448
                                                                                                                                              Entropy (8bit):6.380289288441742
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                                                                                                                              MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                                                                                                                              SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                                                                                                                              SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                                                                                                                              SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.4779230305378315
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                                                                                                                              MD5:E9AA62B1696145A08D223E7190785E25
                                                                                                                                              SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                                                                                                                              SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                                                                                                                              SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):773968
                                                                                                                                              Entropy (8bit):6.901569696995594
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                              MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                              SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                              SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                              SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                              Malicious:false
                                                                                                                                              Antivirus:
                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):172096
                                                                                                                                              Entropy (8bit):6.3747906238754855
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                                                                                                                              MD5:FB658E2F5E185FE5762B169A388BA0BD
                                                                                                                                              SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                                                                                                                              SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                                                                                                                              SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.477211573452372
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                                                                                                                              MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                                                                                                                              SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                                                                                                                              SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                                                                                                                              SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):52800
                                                                                                                                              Entropy (8bit):6.433054716020523
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                                                                                                                                              MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                                                                                                                                              SHA1:0D04A67505D006493F252985AC294B534D271EF2
                                                                                                                                              SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                                                                                                                                              SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):116288
                                                                                                                                              Entropy (8bit):5.7845827860105885
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                                                                                                                                              MD5:5AADADF700C7771F208DDA7CE60DE120
                                                                                                                                              SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                                                                                                                                              SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                                                                                                                                              SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):86592
                                                                                                                                              Entropy (8bit):6.686302444148156
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                                                                                                                                              MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                                                                                                                                              SHA1:42748051176B776467A31885BB2889C33B780F2D
                                                                                                                                              SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                                                                                                                                              SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14912
                                                                                                                                              Entropy (8bit):6.381906222478272
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                                                                                                                                              MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                                                                                                                                              SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                                                                                                                                              SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                                                                                                                                              SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.466364086630595
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                                                                                                                                              MD5:12B6E1C3205A8B17AC20E00A889DFC43
                                                                                                                                              SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                                                                                                                                              SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                                                                                                                                              SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.475930674615241
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                                                                                                                                              MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                                                                                                                                              SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                                                                                                                                              SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                                                                                                                                              SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15936
                                                                                                                                              Entropy (8bit):6.475447140204412
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                                                                                                                                              MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                                                                                                                                              SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                                                                                                                                              SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                                                                                                                                              SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):177216
                                                                                                                                              Entropy (8bit):6.909590121652277
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                                                                                                                                              MD5:8DC2356E3FF3A595AEDE81594A2D259A
                                                                                                                                              SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                                                                                                                                              SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                                                                                                                                              SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):473152
                                                                                                                                              Entropy (8bit):5.475991416072106
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                                                                                                                              MD5:79CFE207E05F771E29847573593F6DE1
                                                                                                                                              SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                                                                                                                              SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                                                                                                                              SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):52800
                                                                                                                                              Entropy (8bit):6.367562931371078
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                                                                                                                              MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                                                                                                                              SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                                                                                                                              SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                                                                                                                              SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):123968
                                                                                                                                              Entropy (8bit):6.699694377005066
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                                                                                                                              MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                                                                                                                              SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                                                                                                                              SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                                                                                                                              SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):25664
                                                                                                                                              Entropy (8bit):6.488681310308951
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                                                                                                                              MD5:039AD8A7A4B14C321F156878838A2340
                                                                                                                                              SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                                                                                                                              SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                                                                                                                              SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):195136
                                                                                                                                              Entropy (8bit):6.80727029211823
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                                                                                                                              MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                                                                                                                              SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                                                                                                                              SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                                                                                                                              SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16448
                                                                                                                                              Entropy (8bit):6.392776971200692
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                                                                                                                              MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                                                                                                                              SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                                                                                                                              SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                                                                                                                              SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):65600
                                                                                                                                              Entropy (8bit):6.461111208462538
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                                                                                                                              MD5:806580640A68234A711D3BB0642130A7
                                                                                                                                              SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                                                                                                                              SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                                                                                                                              SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):159296
                                                                                                                                              Entropy (8bit):6.019927381236816
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                                                                                                                              MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                                                                                                                              SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                                                                                                                              SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                                                                                                                              SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):39488
                                                                                                                                              Entropy (8bit):6.751057397220933
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                                                                                                                              MD5:DE2167A880207BBF7464BCD1F8BC8657
                                                                                                                                              SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                                                                                                                              SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                                                                                                                              SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21568
                                                                                                                                              Entropy (8bit):6.4868701533420925
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                                                                                                                              MD5:7C2959F705B5493A9701FFD9119C5EFD
                                                                                                                                              SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                                                                                                                              SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                                                                                                                              SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):163904
                                                                                                                                              Entropy (8bit):6.508553433039132
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                                                                                                                              MD5:A63387A1BFDF760575B04B7BFD57FF89
                                                                                                                                              SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                                                                                                                              SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                                                                                                                              SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):69696
                                                                                                                                              Entropy (8bit):6.89860109289213
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                                                                                                                              MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                                                                                                                              SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                                                                                                                              SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                                                                                                                              SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):807536
                                                                                                                                              Entropy (8bit):7.990358464082814
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:12288:3aao4bP4Rwj9pDm4QnRq+khVdEamm5S6ufzD7zWegDwTWeFtPlIqw:3/lsRwnanA1mr6IWegsr4
                                                                                                                                              MD5:C6E560C9673A3BC83D15F47DC932550D
                                                                                                                                              SHA1:59010ADB70E2A4DE555E1E0823FDE4673BC55437
                                                                                                                                              SHA-256:21CE1829F992F60110EBE2B5678B9F36A762612E21D1A4E8408E1966DA36D0B9
                                                                                                                                              SHA-512:9A2A4FC1DD752AC6B0E8AB4D8D0DA486E9DCB18EA9D012C943F7704E5ECA111922287A00AD955A7309F36FE5D01C0DB5C2CD0D4395B2DA9E839BB3276D1F581D
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):13202
                                                                                                                                              Entropy (8bit):7.737712617961208
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
                                                                                                                                              MD5:3E5E8CCCFF7FF343CBFE22588E569256
                                                                                                                                              SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
                                                                                                                                              SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
                                                                                                                                              SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):231952
                                                                                                                                              Entropy (8bit):7.8987047381149225
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
                                                                                                                                              MD5:5134A2350F58890FFB9DB0B40047195D
                                                                                                                                              SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
                                                                                                                                              SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
                                                                                                                                              SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):106006
                                                                                                                                              Entropy (8bit):7.823795646704166
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
                                                                                                                                              MD5:0C8768CDEB3E894798F80465E0219C05
                                                                                                                                              SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
                                                                                                                                              SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
                                                                                                                                              SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):475905
                                                                                                                                              Entropy (8bit):7.8713354167151675
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
                                                                                                                                              MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
                                                                                                                                              SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
                                                                                                                                              SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
                                                                                                                                              SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):17374
                                                                                                                                              Entropy (8bit):7.682654493549437
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
                                                                                                                                              MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
                                                                                                                                              SHA1:D789EB689C091536EA6A01764BADA387841264CB
                                                                                                                                              SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
                                                                                                                                              SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):704689
                                                                                                                                              Entropy (8bit):7.834558665203789
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
                                                                                                                                              MD5:6696368A09C7F8FED4EA92C4E5238CEE
                                                                                                                                              SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
                                                                                                                                              SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
                                                                                                                                              SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):17135
                                                                                                                                              Entropy (8bit):7.7352982443766
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
                                                                                                                                              MD5:FDE38932B12FC063451AF6613D4470CC
                                                                                                                                              SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
                                                                                                                                              SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
                                                                                                                                              SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1177648
                                                                                                                                              Entropy (8bit):7.91949701328009
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
                                                                                                                                              MD5:D5EF47C915BEF65A63D364F5CF7CD467
                                                                                                                                              SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
                                                                                                                                              SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
                                                                                                                                              SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20151
                                                                                                                                              Entropy (8bit):7.765220504812666
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
                                                                                                                                              MD5:0A79304556A1289AA9E6213F574F3B08
                                                                                                                                              SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
                                                                                                                                              SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
                                                                                                                                              SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):97358
                                                                                                                                              Entropy (8bit):7.9345189846943915
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
                                                                                                                                              MD5:4BC2AEA7281E27BC91566377D0ED1897
                                                                                                                                              SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
                                                                                                                                              SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
                                                                                                                                              SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):13213
                                                                                                                                              Entropy (8bit):7.627776815487544
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
                                                                                                                                              MD5:20F6F88989E806D23C29686B090F6190
                                                                                                                                              SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
                                                                                                                                              SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
                                                                                                                                              SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):155
                                                                                                                                              Entropy (8bit):4.618267268558291
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                                                                              MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                                                                              SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                                                                              SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                                                                              SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1438
                                                                                                                                              Entropy (8bit):5.214662998532387
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                                                                                                                              MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                                                                                                                              SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                                                                                                                              SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                                                                                                                              SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3091908
                                                                                                                                              Entropy (8bit):6.633254981822853
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                                                                                                                              MD5:0B3923ABB0D48FDAE7A2306717967B39
                                                                                                                                              SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                                                                                                                                              SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                                                                                                                                              SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):84355
                                                                                                                                              Entropy (8bit):4.927199323446014
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                              MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                              SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                              SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                              SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):51236
                                                                                                                                              Entropy (8bit):7.226972359973779
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                                                                              MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                                                                              SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                                                                              SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                                                                              SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):632
                                                                                                                                              Entropy (8bit):3.7843698642539243
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                                                                              MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                                                                              SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                                                                              SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                                                                              SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...xKCMS....mntrGRAYXYZ ._..........acspSUNW....KODAGRAY.......................+....................................................cprt.......?desc........dmnd.......`wtpt........kTRC........dmdd.......dtext....COPYRIGHT (c) 1997 Eastman Kodak, All rights reserved...desc.......'KODAK Grayscale Conversion - Gamma 1.0..................@...............~.......................~.......~..............desc........KODAK..................@..................................................,...,....XYZ ...............+curv............desc........Grayscale..................@..................................................,...,....
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1044
                                                                                                                                              Entropy (8bit):6.510788634170065
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                                                                              MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                                                                              SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                                                                              SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                                                                              SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:....KCMS....mntrRGB XYZ ............acsp........KODK...........................,KODK................................................cprt.......Hdesc...8....rXYZ........gXYZ........bXYZ........rTRC........gTRC........bTRC........wtpt........text....Copyright (c) Eastman Kodak Company, 1998, all rights reserved..desc........linear sRGB............l.i.n.e.a.r. .s.R.G.B.....linear sRGB........................................................XYZ ......m...6.....XYZ ......e........!XYZ ......#B...^...Kcurv........................................................................ !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..........................................................................................................................................................................................................................................
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):274474
                                                                                                                                              Entropy (8bit):7.843290819622709
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                                                                              MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                                                                              SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                                                                              SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                                                                              SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3144
                                                                                                                                              Entropy (8bit):7.026867070945169
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                                                                              MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                                                                              SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                                                                              SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                                                                              SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._.....
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5824
                                                                                                                                              Entropy (8bit):5.074440246603207
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                                                                                                                                              MD5:95AE170D90764B3F5E68C72E8C518DDC
                                                                                                                                              SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                                                                                                                                              SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                                                                                                                                              SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4122
                                                                                                                                              Entropy (8bit):3.2585384283455134
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                                                                                                                                              MD5:F6258230B51220609A60AA6BA70D68F3
                                                                                                                                              SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                                                                                                                                              SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                                                                                                                                              SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2282861
                                                                                                                                              Entropy (8bit):7.951223313727943
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                                                                                                                              MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                                                                                                                              SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                                                                                                                              SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                                                                                                                              SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14156
                                                                                                                                              Entropy (8bit):5.649187440261259
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                                                                                                                              MD5:91052ADB799AEF68EA76931997C40CE4
                                                                                                                                              SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                                                                                                                              SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                                                                                                                              SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2917
                                                                                                                                              Entropy (8bit):4.838706790124659
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3338
                                                                                                                                              Entropy (8bit):4.919780187496773
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3632
                                                                                                                                              Entropy (8bit):4.776451902180833
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3441
                                                                                                                                              Entropy (8bit):4.832330268062187
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3255
                                                                                                                                              Entropy (8bit):4.7050139579578145
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6381
                                                                                                                                              Entropy (8bit):4.5983590678211135
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5744
                                                                                                                                              Entropy (8bit):4.781504394194986
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3317
                                                                                                                                              Entropy (8bit):4.869662880084367
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3441
                                                                                                                                              Entropy (8bit):4.927824210480987
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4104
                                                                                                                                              Entropy (8bit):5.04197285715923
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3784
                                                                                                                                              Entropy (8bit):5.17620120701776
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                              MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                              SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                              SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                              SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8590
                                                                                                                                              Entropy (8bit):7.910688771816331
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                                                                                                                              MD5:249053609EAF5B17DDD42149FC24C469
                                                                                                                                              SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                                                                                                                              SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                                                                                                                              SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15276
                                                                                                                                              Entropy (8bit):7.949850025334252
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                                                                                                                                              MD5:CB81FED291361D1DD745202659857B1B
                                                                                                                                              SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                                                                                                                                              SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                                                                                                                                              SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7805
                                                                                                                                              Entropy (8bit):7.877495465139721
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                                                                                                                                              MD5:9E8F541E6CEBA93C12D272840CC555F8
                                                                                                                                              SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                                                                                                                                              SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                                                                                                                                              SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12250
                                                                                                                                              Entropy (8bit):7.901446927123525
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                                                                                                                                              MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                                                                                                                                              SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                                                                                                                                              SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                                                                                                                                              SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):187736
                                                                                                                                              Entropy (8bit):7.79606817499301
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                                                                                                                                              MD5:13794986CA59819F6AF7BD70022D7F8F
                                                                                                                                              SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                                                                                                                                              SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                                                                                                                                              SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):187727
                                                                                                                                              Entropy (8bit):7.7958934328326075
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                                                                                                                                              MD5:82C16750374D5CCA5FDAA9434BAF8143
                                                                                                                                              SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                                                                                                                                              SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                                                                                                                                              SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3860522
                                                                                                                                              Entropy (8bit):7.9670916513081735
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                                                                                                                                              MD5:AE86774D28F1C8270A9BCBD12A9A1865
                                                                                                                                              SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                                                                                                                                              SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                                                                                                                                              SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8286
                                                                                                                                              Entropy (8bit):7.790619326925194
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
                                                                                                                                              MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
                                                                                                                                              SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
                                                                                                                                              SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
                                                                                                                                              SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):44516
                                                                                                                                              Entropy (8bit):7.905075370162141
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
                                                                                                                                              MD5:1A33FF1FDD789E655D5E2E99E9E719BD
                                                                                                                                              SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
                                                                                                                                              SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
                                                                                                                                              SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):18192143
                                                                                                                                              Entropy (8bit):5.977388717447885
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                                                                                                                                              MD5:042B3675517D6A637B95014523B1FD7D
                                                                                                                                              SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                                                                                                                                              SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                                                                                                                                              SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1178848
                                                                                                                                              Entropy (8bit):7.964832897711047
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                                                                                                                                              MD5:24857AD811CEDA70BD0F087FD28B5B6E
                                                                                                                                              SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                                                                                                                                              SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                                                                                                                                              SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1511
                                                                                                                                              Entropy (8bit):5.142622776492157
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                                                                              MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                                                                              SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                                                                              SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                                                                              SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2018860
                                                                                                                                              Entropy (8bit):7.9328569913001905
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                                                                                                                                              MD5:F3E3E7769994C69DFF6E35EF938443CA
                                                                                                                                              SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                                                                                                                                              SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                                                                                                                                              SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):39771
                                                                                                                                              Entropy (8bit):7.92713480980539
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                                                                                                                                              MD5:A269905BBB9F7D02BAA24A756E7B09D7
                                                                                                                                              SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                                                                                                                                              SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                                                                                                                                              SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):279427
                                                                                                                                              Entropy (8bit):7.90277234368113
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                                                                                                                                              MD5:B04074A9FC78DC1409168E1E2D139647
                                                                                                                                              SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                                                                                                                                              SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                                                                                                                                              SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):32699
                                                                                                                                              Entropy (8bit):7.878192531974338
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                                                                                                                                              MD5:2249EAC4F859C7BC578AFD2F7B771249
                                                                                                                                              SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                                                                                                                                              SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                                                                                                                                              SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):250826
                                                                                                                                              Entropy (8bit):7.951088517189604
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                                                                                                                                              MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                                                                                                                                              SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                                                                                                                                              SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                                                                                                                                              SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):68923
                                                                                                                                              Entropy (8bit):7.950933538093809
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                                                                                                                                              MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                                                                                                                                              SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                                                                                                                                              SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                                                                                                                                              SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4005
                                                                                                                                              Entropy (8bit):4.909684349537555
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                                                                                                                                              MD5:B0CE9F297D3FEC6325C0C784072908F1
                                                                                                                                              SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                                                                                                                                              SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                                                                                                                                              SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:raw G3 (Group 3) FAX
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3670
                                                                                                                                              Entropy (8bit):4.40570512634857
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                                                                                                                                              MD5:E0E5428560288E685DBFFC0D2776D4A6
                                                                                                                                              SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                                                                                                                                              SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                                                                                                                                              SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):10779
                                                                                                                                              Entropy (8bit):5.217016051711063
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                                                                                                                                              MD5:0C1DB7410938A3634BD9928BA2F284CB
                                                                                                                                              SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                                                                                                                                              SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                                                                                                                                              SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):75144
                                                                                                                                              Entropy (8bit):6.849420541001734
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                                                                              MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                                                                              SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                                                                              SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                                                                              SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):75124
                                                                                                                                              Entropy (8bit):6.805969666701276
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                                                                              MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                                                                              SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                                                                              SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                                                                              SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):80856
                                                                                                                                              Entropy (8bit):6.821405620058844
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                                                                                                                                              MD5:4D666869C97CDB9E1381A393FFE50A3A
                                                                                                                                              SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                                                                                                                                              SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                                                                                                                                              SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):344908
                                                                                                                                              Entropy (8bit):6.939775499317555
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                                                                                                                                              MD5:630A6FA16C414F3DE6110E46717AAD53
                                                                                                                                              SHA1:5D7ED564791C900A8786936930BA99385653139C
                                                                                                                                              SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                                                                                                                                              SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):317896
                                                                                                                                              Entropy (8bit):6.869598480468745
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                                                                                                                                              MD5:5DD099908B722236AA0C0047C56E5AF2
                                                                                                                                              SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                                                                                                                                              SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                                                                                                                                              SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):698236
                                                                                                                                              Entropy (8bit):6.892888039120645
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                                                                              MD5:B75309B925371B38997DF1B25C1EA508
                                                                                                                                              SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                                                                              SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                                                                              SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):234068
                                                                                                                                              Entropy (8bit):6.901545053424004
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                                                                                                                                              MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                                                                                                                                              SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                                                                                                                                              SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                                                                                                                                              SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):242700
                                                                                                                                              Entropy (8bit):6.936925430880877
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                                                                                                                                              MD5:C1397E8D6E6ABCD727C71FCA2132E218
                                                                                                                                              SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                                                                                                                                              SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                                                                                                                                              SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14331
                                                                                                                                              Entropy (8bit):3.512673497574481
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
                                                                                                                                              MD5:6E378235FB49F30C9580686BA8A787AA
                                                                                                                                              SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
                                                                                                                                              SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
                                                                                                                                              SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):657
                                                                                                                                              Entropy (8bit):4.993355967240905
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
                                                                                                                                              MD5:9FD47C1A487B79A12E90E7506469477B
                                                                                                                                              SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
                                                                                                                                              SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
                                                                                                                                              SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1320
                                                                                                                                              Entropy (8bit):5.02145006262851
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
                                                                                                                                              MD5:01B94C63BD5E6D094E84FF3AD640FFBF
                                                                                                                                              SHA1:5570F355456250B1EC902375B0257584DB2360AE
                                                                                                                                              SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                                                                                                                                              SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):153
                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):165
                                                                                                                                              Entropy (8bit):6.347455736310776
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                              MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                              SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                              SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                              SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):153
                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):168
                                                                                                                                              Entropy (8bit):6.465243369905675
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                              MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                              SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                              SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                              SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):153
                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):147
                                                                                                                                              Entropy (8bit):6.147949937659802
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                              MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                              SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                              SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                              SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):153
                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):58
                                                                                                                                              Entropy (8bit):4.4779965120705425
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                                                                                                                                              MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                                                                                                                                              SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                                                                                                                                              SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
                                                                                                                                              SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):476286
                                                                                                                                              Entropy (8bit):7.905283162751186
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
                                                                                                                                              MD5:5D8C1723F3005BD63DBA2B478CE15621
                                                                                                                                              SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
                                                                                                                                              SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
                                                                                                                                              SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/javaws/PK...........H................com/sun/javaws/exceptions/PK...........H................com/sun/javaws/jnl/PK...........H................com/sun/javaws/net/PK...........H................com/sun/javaws/net/protocol/PK...........H............ ...com/sun/javaws/net/protocol/jar/PK...........H................com/sun/javaws/progress/PK...........H................com/sun/javaws/security/PK...........H................com/sun/javaws/ui/PK...........H................com/sun/javaws/util/PK...........H................com/sun/jnlp/PK...........H................javax/PK...........H................javax/jnlp/PK...........H~p4=........#...com/sun/javaws/BrowserSupport.class.RMO.1.}...].H @.|.|(...P..B.....
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):114950
                                                                                                                                              Entropy (8bit):7.912507028584016
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
                                                                                                                                              MD5:A39F61D6ED2585519D7AF1E2EA029F59
                                                                                                                                              SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
                                                                                                                                              SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
                                                                                                                                              SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):560553
                                                                                                                                              Entropy (8bit):5.781566946934384
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
                                                                                                                                              MD5:CCB395235C35C3ACBA592B21138CC6AB
                                                                                                                                              SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
                                                                                                                                              SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
                                                                                                                                              SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........t..H................META-INF/....PK........t..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........HB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean/
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20670
                                                                                                                                              Entropy (8bit):4.627043889535612
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
                                                                                                                                              MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
                                                                                                                                              SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
                                                                                                                                              SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
                                                                                                                                              SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20626
                                                                                                                                              Entropy (8bit):4.626761353117893
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:VeMjUECOwMsUt0ZINFWbqeZSwOVza8ayaxabAJ1duSikhPdyPsXZd2ZhptEgReWL:VeNEg/gF/ZnixLy
                                                                                                                                              MD5:5480BEF2CA99090857E5CBF225C12A78
                                                                                                                                              SHA1:E1F73CA807EC14941656FBE3DB6E5E5D9032041D
                                                                                                                                              SHA-256:5FB0982C99D6BF258335FB43AAAE91919804C573DFD87B51E05C54ADB3C0392B
                                                                                                                                              SHA-512:65FE0D6DA17E62CF29875910EB84D57BC5BB667C753369B4F810028C0995E63C322FAD2EB99658B6C19E11E8D2A40CB11B3C09943EB9C0B88F45626579ECE058
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):33932
                                                                                                                                              Entropy (8bit):7.930702746433849
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:xYJfTGikW6VajSe/SA5vN9kqizE48ojVxQYuW+t:xY5TpkK/nFNIzptjVxYHt
                                                                                                                                              MD5:C401E00A5DE0DD9723885CEF9E2F5A44
                                                                                                                                              SHA1:B6735B93811517F062A20869D8A0B57FAEFF6A90
                                                                                                                                              SHA-256:C6574F4763696F2A83028DE143D9ED1C975062BA2D44CC5C91558751FB84BCD6
                                                                                                                                              SHA-512:595B950AD5BFF930654BF7FB996BA222D19B4F175821AB0FD6EC4F54D4B7D62B37757429051D1302BC438AB76350B4CD0A07BA712CAECC79DCDB0C60494B5AB2
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H.E..Z...g.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%-..x...R.KRSt.*A.-...M.t....4....sR......K..5y.x..PK...........H................javafx/PK...........H................javafx/embed/PK...........H................javafx/embed/swt/PK...........Hj...........%...javafx/embed/swt/CustomTransfer.class.T[S.F.=.MX(..!............8..`h.d....." yd..........4....%..k.N..ka.83..[.....|+...........#.OD..1...1.1.S1....*>..I..TL.....Y..*.S.q.-KAja..6.M.Y7V|.v...e............+...u...Z.....Z......k...O.v.....x..f...M.v...~I....j.N.(.R.... ..n.%).l:.N..,J...-.%.os:.v.K..V.._p.u.l..e...S5...^.....3+.Yy.h.RtGR..y.)..~...g..R.;5K...{.G.*..X.JP....D....8..[3.g...'d.e#Z.|c.j.t..F.w..t.W.j.,K[q.^..E.=M.a..6d.Z..yV.....=..........:.WG.............RA.<......qT...,*.=.....t\......(aI.2.....!..Jp.,..<.x..n.S....N.K.e.W....N.-..`....hmQ.E.fGE..$..n...4I{.......l_.)......?.Z>...t
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):633957
                                                                                                                                              Entropy (8bit):6.018176262975427
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ABoQeW0HKwYGORU+ehqEmke1WEAibVR0GPs4j8GgflXhuuMAjYDTj:Uo40WGdNmpb3DP75
                                                                                                                                              MD5:FD1434C81219C385F30B07E33CEF9F30
                                                                                                                                              SHA1:0B5EE897864C8605EF69F66DFE1E15729CFCBC59
                                                                                                                                              SHA-256:BC3A736E08E68ACE28C68B0621DCCFB76C1063BD28D7BD8FCE7B20E7B7526CC5
                                                                                                                                              SHA-512:9A778A3843744F1FABAD960AA22880D37C30B1CAB29E123170D853C9469DC54A81E81A9070E1DE1BF63BA527C332BB2B1F1D872907F3BDCE33A6898A02FEF22D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........u..H................META-INF/....PK........u..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....E...E...+...com/sun/net/ssl/internal/ssl/Provider.class.......4...............................serialVersionUID...J...ConstantValue.,..c".J-...<init>...()V...Code...LineNumberTable...(Ljava/security/Provider;)V...(Ljava/lang/String;)V...isFIPS...()Z...install...SourceFile...Provider.java......................%com/sun/net/ssl/internal/ssl/Provider...sun/security/ssl/SunJSSE.1.......................................!........*...................)...*............."........*+......................./............."........*+...................3...4.)........................
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4312
                                                                                                                                              Entropy (8bit):4.756104846669624
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:6VprYJmprYJD9Y3t3qFKPG7hLxVJgdTsfbFfcwQoPv:6HrsursD9Y3t36KPG7HyoBQoX
                                                                                                                                              MD5:AD91D69A4129D31D72FBE288FF967943
                                                                                                                                              SHA1:CB510AFCDBECEA3538C3F841C0440194573DBB65
                                                                                                                                              SHA-256:235A50D958FAEDDE808D071705A6D603F97611F568EEC40D7444984B984A4B18
                                                                                                                                              SHA-512:600BEE4676D26E2CE5B9171582540021509A4D7888C9C7BADC14F0FAD07007E4CE2B4C007A8EB15BD0D977722B8B34442012EA972FFBD72797475A56CDFD86EE
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2514
                                                                                                                                              Entropy (8bit):4.525846572478507
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:/GXieQT8cg6ZGBjn4stbaWUwO61xFMxO9:OXieW8nBjn4x613Mw9
                                                                                                                                              MD5:0AA5D5EFDB4F2B92BEBBEB4160AA808B
                                                                                                                                              SHA1:C6F1B311A4D0790AF8C16C1CA9599D043BA99E90
                                                                                                                                              SHA-256:A3148336160EA7EF451052D1F435F7C9D96EEB738105AC730358EDADA5BD45A2
                                                                                                                                              SHA-512:A52C2B784CF0B01A2AF3066F4BB8E7FD890A86CFD82359A22266341942A25333D4C63BA2C02AA43ADE872357FC9C8BBC60D311B2AF2AD2634D60377A2294AFDD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):381
                                                                                                                                              Entropy (8bit):4.99308306420453
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:5ji0B4r/Rjiszbdy/oocj+sqX2K5YZ5/CUMQxxi6m4xijgxmzbdGh/4:5ji0GJjiIq1cCvXPA/CUMQxoeocx2K/4
                                                                                                                                              MD5:B608D45DCDD7A4CAD6A63A89A002F683
                                                                                                                                              SHA1:F6E3BB7050C3B1A3BED9B33122C4A98E6B9A810D
                                                                                                                                              SHA-256:52CA96531445B437DCA524CB3714FCD8D70221D37A6B9C80F816713C3040DD0A
                                                                                                                                              SHA-512:407E7CA807826F0E41B085BCA0F54F0134E3B9AC16FA5480EDE02774067DAD46AA07D225BA2981DEC2A7297EA57721EAB8C54E8BED83D352EC6C00ABFDBBF626
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4077
                                                                                                                                              Entropy (8bit):4.472483528668558
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:eii7cSoFKfgCe/D4dtQN+wvohSoVGPbPvRZUIpeDMy:eiiISokfXeEk+wQhnMPbnRZR7y
                                                                                                                                              MD5:41B36D832BE39A3CF0F3D7760E55FDCB
                                                                                                                                              SHA1:E706E9BE75604A13DFCC5A96B1720A544D76348B
                                                                                                                                              SHA-256:71A930CBE577CBABB4269650C98D227F739E0D4B9C0B44830DD3D52F5015BE1F
                                                                                                                                              SHA-512:41E6B8639C1CEB3D09D2FDEEEBA89FFA17C4ED8B1AD0DF1E5AB46C4BF178688D5504DC5A3C854226F7DA23DFA0EDAB0D035D6B56495829F43AAA2A7BABEC4273
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2920
                                                                                                                                              Entropy (8bit):4.545881645777106
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:MRSflLrmpop7JN/PgP8KAeoYsnZyhNMVJKWfVStEqwP0pba:Mkv7ngUZYsnRnfYdhE
                                                                                                                                              MD5:5DD28AAF5A06C946DF7B223F33482FDF
                                                                                                                                              SHA1:D09118D402CA3BA625B165ECACE863466D7F4CE9
                                                                                                                                              SHA-256:24674176A4C0E5EEFB9285691764EA06585D90BBDAF5BF40C4220DE7CA3E3175
                                                                                                                                              SHA-512:13C6F37E969A5AECE2B2F938FA8EBF6A72C0C173678A026E77C35871E4AE89404585FB1A3516AE2CA336FC47EAB1F3DD2009123ADBA9C437CD76BA654401CBDF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):14415
                                                                                                                                              Entropy (8bit):4.623139916889837
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:PLrOKIXaIr8Jzc90OEqfmdbHHHN6pDIdpgzri:PLrOKIXaIgYiOE0mdbHHHNGD4p0+
                                                                                                                                              MD5:054E093240388F0322604619EF643F18
                                                                                                                                              SHA1:6E110C2A5D813013E9C57700BE8B0D17896E950C
                                                                                                                                              SHA-256:BF41D73EAB0DA8222FE24255E1BBF68327FB02B1A4F1E7A81B9C7B539033FFB2
                                                                                                                                              SHA-512:BD60C6271CDEFFFF4563E6E2CF97C176D86F160092D1FFCBE7EEFE714BA75DDC5FB4E848A5FDBE7A1D1510720D92AF6A176A76DE2CC599F27E4BEAE8E692C5D3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3486
                                                                                                                                              Entropy (8bit):4.4357861198752975
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:MlXHR6+76EX0o8KA0Esns+ek2OrRC9AUE4T7AKQi2r8BKS3GpPsDu0cpUxJAJKk3:M9HRb7l0FAEsnJKmS32X00h
                                                                                                                                              MD5:9D9EC1BB9E357BBFB72B077E4AF5F63F
                                                                                                                                              SHA1:6484B03DBE9687216429D3A6F916773C060E15CE
                                                                                                                                              SHA-256:8B02A29BC61B0F7203DF7CA94140F80D2C6A1138064E0441DFD621CF243A0339
                                                                                                                                              SHA-512:5FE39BBFCA806CE45871A6223D80FA731EFAA5D31C3B97EE055AB77EAF3833342945F39E9858335D9DD358B4B7F984FFADE741452E19B60B8E510AA74AC02C00
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2126
                                                                                                                                              Entropy (8bit):4.970874214349507
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                                                                                                                                              MD5:91AA6EA7320140F30379F758D626E59D
                                                                                                                                              SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                                                                                                                                              SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                                                                                                                                              SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3144
                                                                                                                                              Entropy (8bit):4.858724831876285
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:VBnTRxiW1nTbXMROXX6zcjd6vEzcoZDTzcj8L0zccfbb6wB:VBnvisPMQ6z+zPVzv0zVfvT
                                                                                                                                              MD5:1CBB261944925044B1EE119DC0563D05
                                                                                                                                              SHA1:05F2F63047F4D82F37DFA59153309E53CAA4675C
                                                                                                                                              SHA-256:5BAF75BDD504B2C80FF5B98F929A16B04E9CB06AA8AAE30C144B5B40FEBE0906
                                                                                                                                              SHA-512:C964A92BE25BACF11D20B61365930CAB28517D164D9AE4997651E2B715AA65628E45FA4BD236CCD507C65E5D85A470FD165F207F446186D22AE4BD46A04006E6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1012097
                                                                                                                                              Entropy (8bit):7.896417877823185
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                                                                                                                                              MD5:54EF6C22FAAAE5850091031763078D37
                                                                                                                                              SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                                                                                                                                              SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                                                                                                                                              SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........!..H................META-INF/....PK........ ..H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/uitoolkit/PK...........H................com/sun/deploy/uitoolkit/impl/PK........!..H............"...com/sun/deploy/uitoolkit/impl/awt/PK...........H............#...com/sun/deploy/uitoolkit/impl/text/PK...........H................com/sun/deploy/uitoolkit/ui/PK...........H................com/sun/java/PK...........H................com/sun/java/browser/PK...........H................com/sun/java/browser/plugin2/PK...........H............)...com/sun/java/browser/plugin2/liveconnect/PK...........H............,...com/sun/java/browser/plugin2/liveconnect/v1/PK...........H................netscape/PK...........H................netscape/javascript/PK.........
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2915
                                                                                                                                              Entropy (8bit):5.2172692442941075
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                                                                                                                                              MD5:A38587427E422D55B012FA3E5C9436D2
                                                                                                                                              SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                                                                                                                                              SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                                                                                                                                              SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):10716
                                                                                                                                              Entropy (8bit):5.016037435830914
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                                                                                                                                              MD5:66B3E6770C291FE8CD3240FFBB00DC47
                                                                                                                                              SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                                                                                                                                              SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                                                                                                                                              SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3490933
                                                                                                                                              Entropy (8bit):6.067002853185717
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                                                                                                                                              MD5:9A084B91667E7437574236CD27B7C688
                                                                                                                                              SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                                                                                                                                              SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                                                                                                                                              SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK...........H..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):63602929
                                                                                                                                              Entropy (8bit):5.963369315504544
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                                                                                                                                              MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                                                                                                                                              SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                                                                                                                                              SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                                                                                                                                              SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........H................META-INF/....PK...........H.5.%...%.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bean
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3026
                                                                                                                                              Entropy (8bit):7.48902128028383
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                                                                                                                                              MD5:EE4ED9C75A1AAA04DFD192382C57900C
                                                                                                                                              SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                                                                                                                                              SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                                                                                                                                              SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4149
                                                                                                                                              Entropy (8bit):5.816047466650347
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                                                                                                                                              MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                                                                                                                                              SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                                                                                                                                              SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                                                                                                                                              SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1273
                                                                                                                                              Entropy (8bit):4.167014768533289
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                                                                                                                                              MD5:BBEBCF13680E71EC2EE562524DA02660
                                                                                                                                              SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                                                                                                                                              SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                                                                                                                                              SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Java KeyStore
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):112860
                                                                                                                                              Entropy (8bit):7.58405956263152
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
                                                                                                                                              MD5:A2C167C8E0F275B234CB2C2E943781C7
                                                                                                                                              SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
                                                                                                                                              SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
                                                                                                                                              SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2515
                                                                                                                                              Entropy (8bit):4.490054643169131
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
                                                                                                                                              MD5:EC90FD04C2890584A16EB24664050C2A
                                                                                                                                              SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
                                                                                                                                              SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
                                                                                                                                              SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):27033
                                                                                                                                              Entropy (8bit):4.840685151784295
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):103
                                                                                                                                              Entropy (8bit):4.802539000066613
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3527
                                                                                                                                              Entropy (8bit):7.521709350514316
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1249
                                                                                                                                              Entropy (8bit):4.735634480139973
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):103910
                                                                                                                                              Entropy (8bit):7.113278604363908
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):8602
                                                                                                                                              Entropy (8bit):5.204166069367786
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:ASCII text, with very long lines (427), with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):533
                                                                                                                                              Entropy (8bit):5.416086012521588
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):41203
                                                                                                                                              Entropy (8bit):7.855219741633254
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):15257
                                                                                                                                              Entropy (8bit):7.804568217256536
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):105007
                                                                                                                                              Entropy (8bit):7.8886535210991395
                                                                                                                                              Encrypted:false
                                                                                                                                              Malicious:false
                                                                                                                                              Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):45
                                                                                                                                              Entropy (8bit):0.9111711733157262
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:/lwlt7n:WNn
                                                                                                                                              MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                              SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                              SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                              SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:........................................J2SE.
                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                              Entropy (8bit):7.997468036700201
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                              File name:PInstaller.exe
                                                                                                                                              File size:58'639'106 bytes
                                                                                                                                              MD5:ea17d9a8373df3180020a861f91333c0
                                                                                                                                              SHA1:beee77b8e24c4dd91e13f8154d180cbab37fccf2
                                                                                                                                              SHA256:f5813155f25b4d8b8e3aee7b5353467973e5907dd743075676c462cff9f4acfe
                                                                                                                                              SHA512:a4a933a58e61aac3f6ae075f5917858cf4100f8b346cfd3006e5a02a8a51778a2942b1eb520d0778bf4d1a2c07050686bb7b92945806a65add30c475bf3b8bab
                                                                                                                                              SSDEEP:786432:pAMEkwmeS3TbNSQliYZTL15DKhCfBfXh8PpJLKnSJ1AtIijjgQ0P6ZI1drMiT4ML:pAMEkwSFSsTZTL2hlp9wtZsJCiTCmdX
                                                                                                                                              TLSH:61D7331EBB63CD6DE98C1735086112320E1ADC9E13BF89BD904DBB357431365AB2672B
                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!.@.@...@...@../O...@...@..O@../O...@...c...@..+F...@..Rich.@..........................PE..L....C.f.................j....:....
                                                                                                                                              Icon Hash:32728092d4f29244
                                                                                                                                              Entrypoint:0x40366b
                                                                                                                                              Entrypoint Section:.text
                                                                                                                                              Digitally signed:false
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                              Time Stamp:0x660843EF [Sat Mar 30 16:55:11 2024 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:4
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:4
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:4
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:9dda1a1d1f8a1d13ae0297b47046b26e
                                                                                                                                              Instruction
                                                                                                                                              sub esp, 000003F8h
                                                                                                                                              push ebp
                                                                                                                                              push esi
                                                                                                                                              push edi
                                                                                                                                              push 00000020h
                                                                                                                                              pop edi
                                                                                                                                              xor ebp, ebp
                                                                                                                                              push 00008001h
                                                                                                                                              mov dword ptr [esp+20h], ebp
                                                                                                                                              mov dword ptr [esp+18h], 0040A230h
                                                                                                                                              mov dword ptr [esp+14h], ebp
                                                                                                                                              call dword ptr [004080A0h]
                                                                                                                                              mov esi, dword ptr [004080A4h]
                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                              push eax
                                                                                                                                              mov dword ptr [esp+4Ch], ebp
                                                                                                                                              mov dword ptr [esp+0000014Ch], ebp
                                                                                                                                              mov dword ptr [esp+00000150h], ebp
                                                                                                                                              mov dword ptr [esp+38h], 0000011Ch
                                                                                                                                              call esi
                                                                                                                                              test eax, eax
                                                                                                                                              jne 00007FB6C4D610CAh
                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                              mov dword ptr [esp+34h], 00000114h
                                                                                                                                              push eax
                                                                                                                                              call esi
                                                                                                                                              mov ax, word ptr [esp+48h]
                                                                                                                                              mov ecx, dword ptr [esp+62h]
                                                                                                                                              sub ax, 00000053h
                                                                                                                                              add ecx, FFFFFFD0h
                                                                                                                                              neg ax
                                                                                                                                              sbb eax, eax
                                                                                                                                              mov byte ptr [esp+0000014Eh], 00000004h
                                                                                                                                              not eax
                                                                                                                                              and eax, ecx
                                                                                                                                              mov word ptr [esp+00000148h], ax
                                                                                                                                              cmp dword ptr [esp+38h], 0Ah
                                                                                                                                              jnc 00007FB6C4D61098h
                                                                                                                                              and word ptr [esp+42h], 0000h
                                                                                                                                              mov eax, dword ptr [esp+40h]
                                                                                                                                              movzx ecx, byte ptr [esp+3Ch]
                                                                                                                                              mov dword ptr [007A8358h], eax
                                                                                                                                              xor eax, eax
                                                                                                                                              mov ah, byte ptr [esp+38h]
                                                                                                                                              movzx eax, ax
                                                                                                                                              or eax, ecx
                                                                                                                                              xor ecx, ecx
                                                                                                                                              mov ch, byte ptr [esp+00000148h]
                                                                                                                                              movzx ecx, cx
                                                                                                                                              shl eax, 10h
                                                                                                                                              or eax, ecx
                                                                                                                                              movzx ecx, byte ptr [esp+0000004Eh]
                                                                                                                                              Programming Language:
                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c5000 | 0x1ac88 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6825 | 0x6a00 | 66193a1807102f3dd82ce73616af97c9 | False | 0.6673422759433962 | data | 6.45816566168401 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1358 | 0x1400 | bd82d08a08da8783923a22b467699302 | False | 0.4431640625 | data | 5.103358601944578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x39e3b8 | 0x600 | 5007ecdbe2c274f1db13c929b861822d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a9000 | 0x1c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c5000 | 0x1ac88 | 0x1ae00 | dab67e7dd7dcbc7a90a9773b5dc2d50d | False | 0.1428688226744186 | data | 3.963318419332508 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c52f8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.046433218975511656
RT_ICON | 0x3d5b20 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.10350732168162494
RT_ICON | 0x3d9d48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.1479253112033195
RT_ICON | 0x3dc2f0 | 0x18d0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9713476070528967
RT_ICON | 0x3ddbc0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.22115384615384615
RT_ICON | 0x3dec68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.4352836879432624
RT_ICON | 0x3df0d0 | 0x128 | data | English | United States | 0.04391891891891892
RT_DIALOG | 0x3df1f8 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x3df400 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x3df4f8 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x3df5e8 | 0x68 | data | English | United States | 0.6826923076923077
RT_VERSION | 0x3df650 | 0x204 | data | English | United States | 0.5193798449612403
RT_MANIFEST | 0x3df858 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328
DLL | Import
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll | RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 6, 2024 09:31:33.254863024 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Oct 6, 2024 09:31:33.254940033 CEST | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Oct 6, 2024 09:31:33.255059004 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Oct 6, 2024 09:31:33.269387960 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Oct 6, 2024 09:31:33.269443989 CEST | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Oct 6, 2024 09:31:33.741302967 CEST | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Oct 6, 2024 09:31:33.741411924 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Oct 6, 2024 09:31:34.592941999 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Oct 6, 2024 09:31:34.593014002 CEST | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Oct 6, 2024 09:31:34.593200922 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Oct 6, 2024 09:31:34.593637943 CEST | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Oct 6, 2024 09:31:34.593707085 CEST | 49736 | 443 | 192.168.2.4 | 104.20.3.235
                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Oct 6, 2024 09:31:33.161040068 CEST5361053192.168.2.41.1.1.1
                                                                                                                                              Oct 6, 2024 09:31:33.168301105 CEST53536101.1.1.1192.168.2.4
                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                              Oct 6, 2024 09:31:33.161040068 CEST192.168.2.41.1.1.10x639bStandard query (0)pastebin.comA (IP address)IN (0x0001)false
                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                              Oct 6, 2024 09:31:33.168301105 CEST1.1.1.1192.168.2.40x639bNo error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                                                                                                                                              Oct 6, 2024 09:31:33.168301105 CEST1.1.1.1192.168.2.40x639bNo error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                                                                                                                              Oct 6, 2024 09:31:33.168301105 CEST1.1.1.1192.168.2.40x639bNo error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false


                                                                                                                                              Target ID:0
                                                                                                                                              Start time:03:31:11
                                                                                                                                              Start date:06/10/2024
                                                                                                                                              Path:C:\Users\user\Desktop\PInstaller.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\Desktop\PInstaller.exe"
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:58'639'106 bytes
                                                                                                                                              MD5 hash:EA17D9A8373DF3180020A861F91333C0
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Reputation:low
                                                                                                                                              Has exited:true

                                                                                                                                              Target ID:2
                                                                                                                                              Start time:03:31:27
                                                                                                                                              Start date:06/10/2024
                                                                                                                                              Path:C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              File size:139'264 bytes
                                                                                                                                              MD5 hash:5ECD826BABBEBDD959456C471DEC6465
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Antivirus matches:
                                                                                                                                              • Detection: 3%, ReversingLabs
                                                                                                                                              Reputation:low
                                                                                                                                              Has exited:true

                                                                                                                                              Target ID:3
                                                                                                                                              Start time:03:31:27
                                                                                                                                              Start date:06/10/2024
                                                                                                                                              Path:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
                                                                                                                                              Imagebase:0xdc0000
                                                                                                                                              File size:191'552 bytes
                                                                                                                                              MD5 hash:48C96771106DBDD5D42BBA3772E4B414
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                              Antivirus matches:
                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                              Reputation:moderate
                                                                                                                                              Has exited:true


                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:13.6%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:16.4%
                                                                                                                                                Total number of Nodes:1370
                                                                                                                                                Total number of Limit Nodes:19
405f77 3 API calls 3329->3331 3329->3347 3330->3324 3349 405e6f 3330->3349 3332 405f42 3331->3332 3335 405d6c 5 API calls 3332->3335 3334 405ef6 FindNextFileW 3337 405f0c FindClose 3334->3337 3334->3349 3336 405f4e 3335->3336 3338 405f52 3336->3338 3339 405f68 3336->3339 3337->3324 3342 40572d 28 API calls 3338->3342 3338->3347 3341 40572d 28 API calls 3339->3341 3341->3347 3344 405f5f 3342->3344 3343 405db4 64 API calls 3343->3349 3346 406468 40 API calls 3344->3346 3345 40572d 28 API calls 3345->3334 3346->3347 3348 40572d 28 API calls 3348->3349 3349->3334 3349->3343 3349->3345 3349->3348 3371 4066a8 lstrcpynW 3349->3371 3372 405d6c 3349->3372 3380 406468 MoveFileExW 3349->3380 3384 4066a8 lstrcpynW 3351->3384 3353 406090 3354 406022 4 API calls 3353->3354 3355 406096 3354->3355 3356 405dd4 3355->3356 3357 406956 5 API calls 3355->3357 3356->3318 3356->3319 3358 4060a6 3357->3358 3358->3356 3364 4060bd 3358->3364 3359 4060d7 lstrlenW 3360 4060e2 3359->3360 3359->3364 3362 405f77 3 API calls 3360->3362 3361 406a05 2 API calls 3361->3364 3363 4060e7 GetFileAttributesW 3362->3363 3363->3356 3364->3356 3364->3359 3364->3361 3365 405fc3 2 API calls 3364->3365 3365->3359 3366->3321 3368 405fd1 3367->3368 3369 405fe3 3368->3369 3370 405fd7 CharPrevW 3368->3370 3369->3325 3370->3368 3370->3369 3371->3349 3373 406173 2 API calls 3372->3373 3374 405d78 3373->3374 3375 405d99 3374->3375 3376 405d87 RemoveDirectoryW 3374->3376 3377 405d8f DeleteFileW 3374->3377 3375->3349 3378 405d95 3376->3378 3377->3378 3378->3375 3379 405da5 SetFileAttributesW 3378->3379 3379->3375 3381 406489 3380->3381 3382 40647c 3380->3382 3381->3349 3385 4062ee 3382->3385 3384->3353 3386 406344 GetShortPathNameW 3385->3386 3387 40631e 3385->3387 3389 406463 3386->3389 3390 406359 3386->3390 3412 406198 GetFileAttributesW CreateFileW 3387->3412 3389->3381 3390->3389 3392 406361 wsprintfA 3390->3392 3391 406328 CloseHandle GetShortPathNameW 3391->3389 3393 40633c 3391->3393 3394 4066e5 21 API calls 
3392->3394 3393->3386 3393->3389 3395 406389 3394->3395 3413 406198 GetFileAttributesW CreateFileW 3395->3413 3397 406396 3397->3389 3398 4063a5 GetFileSize GlobalAlloc 3397->3398 3399 4063c7 3398->3399 3400 40645c CloseHandle 3398->3400 3401 40621b ReadFile 3399->3401 3400->3389 3402 4063cf 3401->3402 3402->3400 3414 4060fd lstrlenA 3402->3414 3405 4063e6 lstrcpyA 3408 406408 3405->3408 3406 4063fa 3407 4060fd 4 API calls 3406->3407 3407->3408 3409 40643f SetFilePointer 3408->3409 3410 40624a WriteFile 3409->3410 3411 406455 GlobalFree 3410->3411 3411->3400 3412->3391 3413->3397 3415 40613e lstrlenA 3414->3415 3416 406117 lstrcmpiA 3415->3416 3418 406146 3415->3418 3417 406135 CharNextA 3416->3417 3416->3418 3417->3415 3418->3405 3418->3406 4176 401588 4177 402bc9 4176->4177 4180 4065ef wsprintfW 4177->4180 4179 402bce 4180->4179 3443 401389 3445 401390 3443->3445 3444 4013fe 3445->3444 3446 4013cb MulDiv SendMessageW 3445->3446 3446->3445 4181 40198d 4182 402da9 21 API calls 4181->4182 4183 401994 4182->4183 4184 402da9 21 API calls 4183->4184 4185 4019a1 4184->4185 4186 402dcb 21 API calls 4185->4186 4187 4019b8 lstrlenW 4186->4187 4188 4019c9 4187->4188 4189 401a0a 4188->4189 4193 4066a8 lstrcpynW 4188->4193 4191 4019fa 4191->4189 4192 4019ff lstrlenW 4191->4192 4192->4189 4193->4191 4194 40168f 4195 402dcb 21 API calls 4194->4195 4196 401695 4195->4196 4197 406a05 2 API calls 4196->4197 4198 40169b 4197->4198 4199 402b10 4200 402da9 21 API calls 4199->4200 4203 402b16 4200->4203 4201 4066e5 21 API calls 4202 402953 4201->4202 4203->4201 4203->4202 4204 402711 4205 402da9 21 API calls 4204->4205 4207 402720 4205->4207 4206 40285d 4207->4206 4208 40276a ReadFile 4207->4208 4209 40621b ReadFile 4207->4209 4210 4027aa MultiByteToWideChar 4207->4210 4211 40285f 4207->4211 4212 406279 5 API calls 4207->4212 4214 4027d0 SetFilePointer MultiByteToWideChar 4207->4214 4215 402870 4207->4215 4208->4206 4208->4207 4209->4207 4210->4207 4217 4065ef wsprintfW 4211->4217 
4212->4207 4214->4207 4215->4206 4216 402891 SetFilePointer 4215->4216 4216->4206 4217->4206 4218 401491 4219 40572d 28 API calls 4218->4219 4220 401498 4219->4220 3083 401794 3122 402dcb 3083->3122 3085 40179b 3086 4017c3 3085->3086 3087 4017bb 3085->3087 3168 4066a8 lstrcpynW 3086->3168 3167 4066a8 lstrcpynW 3087->3167 3090 4017c1 3128 406956 3090->3128 3091 4017ce 3169 405f77 lstrlenW CharPrevW 3091->3169 3096 4017e0 3097 4017e6 3096->3097 3101 4018b2 3096->3101 3103 401889 3096->3103 3107 4066a8 lstrcpynW 3096->3107 3137 406173 GetFileAttributesW 3096->3137 3140 406198 GetFileAttributesW CreateFileW 3096->3140 3175 4066e5 3096->3175 3192 405d08 3096->3192 3097->3096 3100 4017f2 CompareFileTime 3097->3100 3172 406a05 FindFirstFileW 3097->3172 3100->3097 3141 40572d 3101->3141 3105 40572d 28 API calls 3103->3105 3112 40189e 3103->3112 3105->3112 3107->3096 3109 4018e3 SetFileTime 3111 4018f5 CloseHandle 3109->3111 3111->3112 3113 401906 3111->3113 3114 40190b 3113->3114 3115 40191e 3113->3115 3116 4066e5 21 API calls 3114->3116 3117 4066e5 21 API calls 3115->3117 3120 401913 lstrcatW 3116->3120 3118 401926 3117->3118 3121 405d08 MessageBoxIndirectW 3118->3121 3120->3118 3121->3112 3123 402dd7 3122->3123 3124 4066e5 21 API calls 3123->3124 3126 402df8 3124->3126 3125 402e04 3125->3085 3126->3125 3127 406956 5 API calls 3126->3127 3127->3125 3134 406963 3128->3134 3129 4069de CharPrevW 3130 4069d9 3129->3130 3130->3129 3132 4069ff 3130->3132 3131 4069cc CharNextW 3131->3130 3131->3134 3132->3096 3134->3130 3134->3131 3135 4069b8 CharNextW 3134->3135 3136 4069c7 CharNextW 3134->3136 3196 405fa4 3134->3196 3135->3134 3136->3131 3138 406192 3137->3138 3139 406185 SetFileAttributesW 3137->3139 3138->3096 3139->3138 3140->3096 3142 405748 3141->3142 3151 4018bc 3141->3151 3143 405764 lstrlenW 3142->3143 3144 4066e5 21 API calls 3142->3144 3145 405772 lstrlenW 3143->3145 3146 40578d 3143->3146 3144->3143 3147 405784 lstrcatW 3145->3147 3145->3151 3148 4057a0 3146->3148 
3149 405793 SetWindowTextW 3146->3149 3147->3146 3150 4057a6 SendMessageW SendMessageW SendMessageW 3148->3150 3148->3151 3149->3148 3150->3151 3152 40339c 3151->3152 3153 4033c7 3152->3153 3154 4033ab SetFilePointer 3152->3154 3200 4034a4 GetTickCount 3153->3200 3154->3153 3157 4018cf 3157->3109 3157->3111 3160 4034a4 42 API calls 3161 4033fe 3160->3161 3161->3157 3162 40346a ReadFile 3161->3162 3164 40340d 3161->3164 3162->3157 3164->3157 3165 40621b ReadFile 3164->3165 3214 40624a WriteFile 3164->3214 3165->3164 3167->3090 3168->3091 3170 405f93 lstrcatW 3169->3170 3171 4017d4 lstrcatW 3169->3171 3170->3171 3171->3090 3173 406a26 3172->3173 3174 406a1b FindClose 3172->3174 3173->3097 3174->3173 3179 4066f0 3175->3179 3176 406937 3177 406950 3176->3177 3255 4066a8 lstrcpynW 3176->3255 3177->3096 3179->3176 3180 406908 lstrlenW 3179->3180 3181 4066e5 15 API calls 3179->3181 3185 406801 GetSystemDirectoryW 3179->3185 3186 406817 GetWindowsDirectoryW 3179->3186 3187 4068a9 lstrcatW 3179->3187 3188 406956 5 API calls 3179->3188 3189 4066e5 15 API calls 3179->3189 3191 406879 SHGetPathFromIDListW CoTaskMemFree 3179->3191 3242 406576 3179->3242 3247 406a9c GetModuleHandleA 3179->3247 3253 4065ef wsprintfW 3179->3253 3254 4066a8 lstrcpynW 3179->3254 3180->3179 3181->3180 3185->3179 3186->3179 3187->3179 3188->3179 3189->3179 3191->3179 3193 405d1d 3192->3193 3194 405d69 3193->3194 3195 405d31 MessageBoxIndirectW 3193->3195 3194->3096 3195->3194 3197 405faa 3196->3197 3198 405fc0 3197->3198 3199 405fb1 CharNextW 3197->3199 3198->3134 3199->3197 3201 4034d2 3200->3201 3202 4035fc 3200->3202 3216 403623 SetFilePointer 3201->3216 3203 403053 36 API calls 3202->3203 3209 4033ce 3203->3209 3205 4034dd SetFilePointer 3207 403502 3205->3207 3207->3209 3210 40624a WriteFile 3207->3210 3211 4035dd SetFilePointer 3207->3211 3217 40360d 3207->3217 3220 403053 3207->3220 3209->3157 3212 40621b ReadFile 3209->3212 3210->3207 3211->3202 3213 4033e7 3212->3213 3213->3157 3213->3160 
3215 406268 3214->3215 3215->3164 3216->3205 3218 40621b ReadFile 3217->3218 3219 403620 3218->3219 3219->3207 3221 403064 3220->3221 3222 40307c 3220->3222 3225 403074 3221->3225 3226 40306d DestroyWindow 3221->3226 3223 403084 3222->3223 3224 40308c GetTickCount 3222->3224 3235 406ad8 3223->3235 3224->3225 3228 40309a 3224->3228 3225->3207 3226->3225 3229 4030a2 3228->3229 3230 4030cf CreateDialogParamW ShowWindow 3228->3230 3229->3225 3239 403037 3229->3239 3230->3225 3232 4030b0 wsprintfW 3233 40572d 28 API calls 3232->3233 3234 4030cd 3233->3234 3234->3225 3236 406af5 PeekMessageW 3235->3236 3237 406b05 3236->3237 3238 406aeb DispatchMessageW 3236->3238 3237->3225 3238->3236 3240 403046 3239->3240 3241 403048 MulDiv 3239->3241 3240->3241 3241->3232 3256 406515 3242->3256 3245 4065da 3245->3179 3246 4065aa RegQueryValueExW RegCloseKey 3246->3245 3248 406ac2 GetProcAddress 3247->3248 3249 406ab8 3247->3249 3251 406ad1 3248->3251 3260 406a2c GetSystemDirectoryW 3249->3260 3251->3179 3252 406abe 3252->3248 3252->3251 3253->3179 3254->3179 3255->3177 3257 406524 3256->3257 3258 40652d RegOpenKeyExW 3257->3258 3259 406528 3257->3259 3258->3259 3259->3245 3259->3246 3261 406a4e wsprintfW LoadLibraryExW 3260->3261 3261->3252 4221 405094 GetDlgItem GetDlgItem 4222 4050e6 7 API calls 4221->4222 4229 40530b 4221->4229 4223 405180 SendMessageW 4222->4223 4224 40518d DeleteObject 4222->4224 4223->4224 4225 405196 4224->4225 4227 4051cd 4225->4227 4230 4066e5 21 API calls 4225->4230 4226 4053ed 4228 405499 4226->4228 4237 405446 SendMessageW 4226->4237 4263 4052fe 4226->4263 4231 404627 22 API calls 4227->4231 4232 4054a3 SendMessageW 4228->4232 4233 4054ab 4228->4233 4229->4226 4264 40537a 4229->4264 4275 404fe2 SendMessageW 4229->4275 4234 4051af SendMessageW SendMessageW 4230->4234 4235 4051e1 4231->4235 4232->4233 4240 4054d4 4233->4240 4246 4054c4 4233->4246 4247 4054bd ImageList_Destroy 4233->4247 4234->4225 4236 404627 22 API calls 4235->4236 4242 4051f2 4236->4242 
4244 40545b SendMessageW 4237->4244 4237->4263 4238 4053df SendMessageW 4238->4226 4239 40468e 8 API calls 4245 40569a 4239->4245 4243 40564e 4240->4243 4268 40550f 4240->4268 4280 405062 4240->4280 4248 4052cd GetWindowLongW SetWindowLongW 4242->4248 4256 405245 SendMessageW 4242->4256 4258 4052c8 4242->4258 4260 405283 SendMessageW 4242->4260 4261 405297 SendMessageW 4242->4261 4250 405660 ShowWindow GetDlgItem ShowWindow 4243->4250 4243->4263 4252 40546e 4244->4252 4246->4240 4249 4054cd GlobalFree 4246->4249 4247->4246 4251 4052e6 4248->4251 4249->4240 4250->4263 4253 405303 4251->4253 4254 4052eb ShowWindow 4251->4254 4257 40547f SendMessageW 4252->4257 4274 40465c SendMessageW 4253->4274 4273 40465c SendMessageW 4254->4273 4256->4242 4257->4228 4258->4248 4258->4251 4260->4242 4261->4242 4263->4239 4264->4226 4264->4238 4265 405619 4266 405624 InvalidateRect 4265->4266 4269 405630 4265->4269 4266->4269 4267 40553d SendMessageW 4272 405553 4267->4272 4268->4267 4268->4272 4269->4243 4289 404f9d 4269->4289 4271 4055c7 SendMessageW SendMessageW 4271->4272 4272->4265 4272->4271 4273->4263 4274->4229 4276 405041 SendMessageW 4275->4276 4277 405005 GetMessagePos ScreenToClient SendMessageW 4275->4277 4278 405039 4276->4278 4277->4278 4279 40503e 4277->4279 4278->4264 4279->4276 4292 4066a8 lstrcpynW 4280->4292 4282 405075 4293 4065ef wsprintfW 4282->4293 4284 40507f 4285 40140b 2 API calls 4284->4285 4286 405088 4285->4286 4294 4066a8 lstrcpynW 4286->4294 4288 40508f 4288->4268 4295 404ed4 4289->4295 4291 404fb2 4291->4243 4292->4282 4293->4284 4294->4288 4296 404eed 4295->4296 4297 4066e5 21 API calls 4296->4297 4298 404f51 4297->4298 4299 4066e5 21 API calls 4298->4299 4300 404f5c 4299->4300 4301 4066e5 21 API calls 4300->4301 4302 404f72 lstrlenW wsprintfW SetDlgItemTextW 4301->4302 4302->4291 4303 401a97 4304 402da9 21 API calls 4303->4304 4305 401aa0 4304->4305 4306 402da9 21 API calls 4305->4306 4307 401a45 4306->4307 4308 404797 lstrlenW 4309 4047b6 
4308->4309 4310 4047b8 WideCharToMultiByte 4308->4310 4309->4310 4311 404b18 4312 404b44 4311->4312 4313 404b55 4311->4313 4372 405cec GetDlgItemTextW 4312->4372 4315 404b61 GetDlgItem 4313->4315 4316 404bc0 4313->4316 4319 404b75 4315->4319 4317 404ca4 4316->4317 4325 4066e5 21 API calls 4316->4325 4370 404e53 4316->4370 4317->4370 4374 405cec GetDlgItemTextW 4317->4374 4318 404b4f 4320 406956 5 API calls 4318->4320 4321 404b89 SetWindowTextW 4319->4321 4323 406022 4 API calls 4319->4323 4320->4313 4324 404627 22 API calls 4321->4324 4329 404b7f 4323->4329 4330 404ba5 4324->4330 4331 404c34 SHBrowseForFolderW 4325->4331 4326 404cd4 4332 40607f 18 API calls 4326->4332 4327 40468e 8 API calls 4328 404e67 4327->4328 4329->4321 4336 405f77 3 API calls 4329->4336 4333 404627 22 API calls 4330->4333 4331->4317 4334 404c4c CoTaskMemFree 4331->4334 4335 404cda 4332->4335 4337 404bb3 4333->4337 4338 405f77 3 API calls 4334->4338 4375 4066a8 lstrcpynW 4335->4375 4336->4321 4373 40465c SendMessageW 4337->4373 4343 404c59 4338->4343 4341 404bb9 4345 406a9c 5 API calls 4341->4345 4342 404c90 SetDlgItemTextW 4342->4317 4343->4342 4347 4066e5 21 API calls 4343->4347 4344 404cf1 4346 406a9c 5 API calls 4344->4346 4345->4316 4353 404cf8 4346->4353 4348 404c78 lstrcmpiW 4347->4348 4348->4342 4351 404c89 lstrcatW 4348->4351 4349 404d39 4376 4066a8 lstrcpynW 4349->4376 4351->4342 4352 404d40 4354 406022 4 API calls 4352->4354 4353->4349 4357 405fc3 2 API calls 4353->4357 4359 404d91 4353->4359 4355 404d46 GetDiskFreeSpaceW 4354->4355 4358 404d6a MulDiv 4355->4358 4355->4359 4357->4353 4358->4359 4360 404e02 4359->4360 4362 404f9d 24 API calls 4359->4362 4361 404e25 4360->4361 4363 40140b 2 API calls 4360->4363 4377 404649 EnableWindow 4361->4377 4364 404def 4362->4364 4363->4361 4366 404e04 SetDlgItemTextW 4364->4366 4367 404df4 4364->4367 4366->4360 4369 404ed4 24 API calls 4367->4369 4368 404e41 4368->4370 4371 404a71 SendMessageW 4368->4371 4369->4360 4370->4327 4371->4370 
4372->4318 4373->4341 4374->4326 4375->4344 4376->4352 4377->4368 4378 401598 4379 4015b1 4378->4379 4380 4015a8 ShowWindow 4378->4380 4381 4015bf ShowWindow 4379->4381 4382 402c4f 4379->4382 4380->4379 4381->4382 4383 402419 4384 402dcb 21 API calls 4383->4384 4385 402428 4384->4385 4386 402dcb 21 API calls 4385->4386 4387 402431 4386->4387 4388 402dcb 21 API calls 4387->4388 4389 40243b GetPrivateProfileStringW 4388->4389 4390 40201b 4391 402dcb 21 API calls 4390->4391 4392 402022 4391->4392 4393 406a05 2 API calls 4392->4393 4394 402028 4393->4394 4396 402039 4394->4396 4397 4065ef wsprintfW 4394->4397 4397->4396 4398 401b9c 4399 402dcb 21 API calls 4398->4399 4400 401ba3 4399->4400 4401 402da9 21 API calls 4400->4401 4402 401bac wsprintfW 4401->4402 4403 402c4f 4402->4403 4404 40149e 4405 4023c2 4404->4405 4406 4014ac PostQuitMessage 4404->4406 4406->4405 4407 4016a0 4408 402dcb 21 API calls 4407->4408 4409 4016a7 4408->4409 4410 402dcb 21 API calls 4409->4410 4411 4016b0 4410->4411 4412 402dcb 21 API calls 4411->4412 4413 4016b9 MoveFileW 4412->4413 4414 4016cc 4413->4414 4420 4016c5 4413->4420 4416 406a05 2 API calls 4414->4416 4418 40231b 4414->4418 4415 401423 28 API calls 4415->4418 4417 4016db 4416->4417 4417->4418 4419 406468 40 API calls 4417->4419 4419->4420 4420->4415 4421 4056a1 4422 4056b1 4421->4422 4423 4056c5 4421->4423 4424 40570e 4422->4424 4425 4056b7 4422->4425 4426 4056cd IsWindowVisible 4423->4426 4432 4056e4 4423->4432 4427 405713 CallWindowProcW 4424->4427 4428 404673 SendMessageW 4425->4428 4426->4424 4429 4056da 4426->4429 4430 4056c1 4427->4430 4428->4430 4431 404fe2 5 API calls 4429->4431 4431->4432 4432->4427 4433 405062 4 API calls 4432->4433 4433->4424 4434 401a24 4435 402dcb 21 API calls 4434->4435 4436 401a2b 4435->4436 4437 402dcb 21 API calls 4436->4437 4438 401a34 4437->4438 4439 401a3b lstrcmpiW 4438->4439 4440 401a4d lstrcmpW 4438->4440 4441 401a41 4439->4441 4440->4441 4442 402324 4443 402dcb 21 API calls 4442->4443 4444 
40232a 4443->4444 4445 402dcb 21 API calls 4444->4445 4446 402333 4445->4446 4447 402dcb 21 API calls 4446->4447 4448 40233c 4447->4448 4449 406a05 2 API calls 4448->4449 4450 402345 4449->4450 4451 402356 lstrlenW lstrlenW 4450->4451 4452 402349 4450->4452 4454 40572d 28 API calls 4451->4454 4453 40572d 28 API calls 4452->4453 4456 402351 4452->4456 4453->4456 4455 402394 SHFileOperationW 4454->4455 4455->4452 4455->4456 4457 401da6 4458 401db9 GetDlgItem 4457->4458 4459 401dac 4457->4459 4460 401db3 4458->4460 4461 402da9 21 API calls 4459->4461 4462 401dfa GetClientRect LoadImageW SendMessageW 4460->4462 4463 402dcb 21 API calls 4460->4463 4461->4460 4465 401e58 4462->4465 4467 401e64 4462->4467 4463->4462 4466 401e5d DeleteObject 4465->4466 4465->4467 4466->4467 4468 404128 4469 404140 4468->4469 4470 4042a1 4468->4470 4469->4470 4471 40414c 4469->4471 4472 4042b2 GetDlgItem GetDlgItem 4470->4472 4473 4042f2 4470->4473 4474 404157 SetWindowPos 4471->4474 4475 40416a 4471->4475 4476 404627 22 API calls 4472->4476 4477 40434c 4473->4477 4488 401389 2 API calls 4473->4488 4474->4475 4479 404173 ShowWindow 4475->4479 4480 4041b5 4475->4480 4481 4042dc SetClassLongW 4476->4481 4478 404673 SendMessageW 4477->4478 4482 40429c 4477->4482 4510 40435e 4478->4510 4483 404193 GetWindowLongW 4479->4483 4484 40425f 4479->4484 4485 4041d4 4480->4485 4486 4041bd DestroyWindow 4480->4486 4487 40140b 2 API calls 4481->4487 4483->4484 4490 4041ac ShowWindow 4483->4490 4489 40468e 8 API calls 4484->4489 4492 4041d9 SetWindowLongW 4485->4492 4493 4041ea 4485->4493 4491 4045b0 4486->4491 4487->4473 4494 404324 4488->4494 4489->4482 4490->4480 4491->4482 4499 4045e1 ShowWindow 4491->4499 4492->4482 4493->4484 4497 4041f6 GetDlgItem 4493->4497 4494->4477 4498 404328 SendMessageW 4494->4498 4495 40140b 2 API calls 4495->4510 4496 4045b2 DestroyWindow EndDialog 4496->4491 4500 404224 4497->4500 4501 404207 SendMessageW IsWindowEnabled 4497->4501 4498->4482 4499->4482 4503 404231 
4500->4503 4504 404278 SendMessageW 4500->4504 4505 404244 4500->4505 4513 404229 4500->4513 4501->4482 4501->4500 4502 4066e5 21 API calls 4502->4510 4503->4504 4503->4513 4504->4484 4508 404261 4505->4508 4509 40424c 4505->4509 4506 404600 SendMessageW 4506->4484 4507 404627 22 API calls 4507->4510 4512 40140b 2 API calls 4508->4512 4511 40140b 2 API calls 4509->4511 4510->4482 4510->4495 4510->4496 4510->4502 4510->4507 4514 404627 22 API calls 4510->4514 4530 4044f2 DestroyWindow 4510->4530 4511->4513 4512->4513 4513->4484 4513->4506 4515 4043d9 GetDlgItem 4514->4515 4516 4043f6 ShowWindow EnableWindow 4515->4516 4517 4043ee 4515->4517 4539 404649 EnableWindow 4516->4539 4517->4516 4519 404420 EnableWindow 4524 404434 4519->4524 4520 404439 GetSystemMenu EnableMenuItem SendMessageW 4521 404469 SendMessageW 4520->4521 4520->4524 4521->4524 4523 404109 22 API calls 4523->4524 4524->4520 4524->4523 4540 40465c SendMessageW 4524->4540 4541 4066a8 lstrcpynW 4524->4541 4526 404498 lstrlenW 4527 4066e5 21 API calls 4526->4527 4528 4044ae SetWindowTextW 4527->4528 4529 401389 2 API calls 4528->4529 4529->4510 4530->4491 4531 40450c CreateDialogParamW 4530->4531 4531->4491 4532 40453f 4531->4532 4533 404627 22 API calls 4532->4533 4534 40454a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4533->4534 4535 401389 2 API calls 4534->4535 4536 404590 4535->4536 4536->4482 4537 404598 ShowWindow 4536->4537 4538 404673 SendMessageW 4537->4538 4538->4491 4539->4519 4540->4524 4541->4526 4542 4023a8 4543 4023af 4542->4543 4545 4023c2 4542->4545 4544 4066e5 21 API calls 4543->4544 4546 4023bc 4544->4546 4547 405d08 MessageBoxIndirectW 4546->4547 4547->4545 4548 402c2a SendMessageW 4549 402c44 InvalidateRect 4548->4549 4550 402c4f 4548->4550 4549->4550 4551 4024af 4552 402dcb 21 API calls 4551->4552 4553 4024c1 4552->4553 4554 402dcb 21 API calls 4553->4554 4555 4024cb 4554->4555 4568 402e5b 4555->4568 4558 402503 4561 402da9 21 API calls 4558->4561 4564 40250f 4558->4564 
4559 402953 4560 402dcb 21 API calls 4563 4024f9 lstrlenW 4560->4563 4561->4564 4562 40252e RegSetValueExW 4566 402544 RegCloseKey 4562->4566 4563->4558 4564->4562 4565 40339c 44 API calls 4564->4565 4565->4562 4566->4559 4569 402e76 4568->4569 4572 406543 4569->4572 4573 406552 4572->4573 4574 4024db 4573->4574 4575 40655d RegCreateKeyExW 4573->4575 4574->4558 4574->4559 4574->4560 4575->4574 4576 402930 4577 402dcb 21 API calls 4576->4577 4578 402937 FindFirstFileW 4577->4578 4579 40295f 4578->4579 4583 40294a 4578->4583 4581 402968 4579->4581 4584 4065ef wsprintfW 4579->4584 4585 4066a8 lstrcpynW 4581->4585 4584->4581 4585->4583 4586 401931 4587 401968 4586->4587 4588 402dcb 21 API calls 4587->4588 4589 40196d 4588->4589 4590 405db4 71 API calls 4589->4590 4591 401976 4590->4591 4592 401934 4593 402dcb 21 API calls 4592->4593 4594 40193b 4593->4594 4595 405d08 MessageBoxIndirectW 4594->4595 4596 401944 4595->4596 4597 4028b6 4598 4028bd 4597->4598 4599 402bce 4597->4599 4600 402da9 21 API calls 4598->4600 4601 4028c4 4600->4601 4602 4028d3 SetFilePointer 4601->4602 4602->4599 4603 4028e3 4602->4603 4605 4065ef wsprintfW 4603->4605 4605->4599 4606 401f37 4607 402dcb 21 API calls 4606->4607 4608 401f3d 4607->4608 4609 402dcb 21 API calls 4608->4609 4610 401f46 4609->4610 4611 402dcb 21 API calls 4610->4611 4612 401f4f 4611->4612 4613 402dcb 21 API calls 4612->4613 4614 401f58 4613->4614 4615 401423 28 API calls 4614->4615 4616 401f5f 4615->4616 4623 405cce ShellExecuteExW 4616->4623 4618 401fa7 4619 406b47 5 API calls 4618->4619 4620 402953 4618->4620 4621 401fc4 CloseHandle 4619->4621 4621->4620 4623->4618 4624 403d38 4625 403d43 4624->4625 4626 403d4a GlobalAlloc 4625->4626 4627 403d47 4625->4627 4626->4627 4628 402fb8 4629 402fca SetTimer 4628->4629 4631 402fe3 4628->4631 4629->4631 4630 403031 4631->4630 4632 403037 MulDiv 4631->4632 4633 402ff1 wsprintfW SetWindowTextW SetDlgItemTextW 4632->4633 4633->4630 4635 4014b8 4636 4014be 4635->4636 4637 401389 2 API 
calls 4636->4637 4638 4014c6 4637->4638 4639 401d3c 4640 402da9 21 API calls 4639->4640 4641 401d42 IsWindow 4640->4641 4642 401a45 4641->4642

Control-flow Graph (graph starting at 40366b; legend: Executed, Not Executed)
                                                                                                                                                APIs
                                                                                                                                                • SetErrorMode.KERNELBASE ref: 0040368E
                                                                                                                                                • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 004036B9
                                                                                                                                                • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004036CC
                                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 00403765
                                                                                                                                                • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037A2
                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 004037A9
                                                                                                                                                • SHGetFileInfoW.SHELL32(0079F748,00000000,?,000002B4,00000000), ref: 004037C8
                                                                                                                                                • GetCommandLineW.KERNEL32(007A72A0,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037DD
                                                                                                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\PInstaller.exe",00000020,"C:\Users\user\Desktop\PInstaller.exe",00000000,?,00000008,0000000A,0000000C), ref: 00403816
                                                                                                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040394E
                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040395F
                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040396B
                                                                                                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040397F
                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403987
                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403998
                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004039A0
                                                                                                                                                • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004039B4
                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PInstaller.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A8D
                                                                                                                                                  • Part of subcall function 004066A8: lstrcpynW.KERNEL32(?,?,00000400,004037DD,007A72A0,NSIS Error,?,00000008,0000000A,0000000C), ref: 004066B5
                                                                                                                                                • wsprintfW.USER32 ref: 00403AEA
                                                                                                                                                • GetFileAttributesW.KERNEL32(007AB800,C:\Users\user\AppData\Local\Temp\), ref: 00403B1D
                                                                                                                                                • DeleteFileW.KERNEL32(007AB800), ref: 00403B29
                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403B57
                                                                                                                                                  • Part of subcall function 00406468: MoveFileExW.KERNEL32(?,?,00000005,00405F66,?,00000000,000000F1,?,?,?,?,?), ref: 00406472
                                                                                                                                                • CopyFileW.KERNEL32(007B6800,007AB800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403B6D
                                                                                                                                                  • Part of subcall function 00405C8B: CreateProcessW.KERNELBASE(00000000,007AB800,00000000,00000000,00000000,04000000,00000000,00000000,007A4790,?,?,?,007AB800,?), ref: 00405CB4
                                                                                                                                                  • Part of subcall function 00405C8B: CloseHandle.KERNEL32(?,?,?,007AB800,?), ref: 00405CC1
                                                                                                                                                  • Part of subcall function 00406A05: FindFirstFileW.KERNEL32(74DF3420,007A47D8,007A3F90,004060C8,007A3F90,007A3F90,00000000,007A3F90,007A3F90,74DF3420,?,74DF2EE0,00405DD4,?,74DF3420,74DF2EE0), ref: 00406A10
                                                                                                                                                  • Part of subcall function 00406A05: FindClose.KERNEL32(00000000), ref: 00406A1C
                                                                                                                                                • ExitProcess.KERNEL32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BB6
                                                                                                                                                • CoUninitialize.COMBASE(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BBB
                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403BD8
                                                                                                                                                • CloseHandle.KERNEL32(00000000,007AC000,007AC000,?,007AB800,00000000), ref: 00403BDF
                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BFB
                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403C02
                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403C17
                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403C3A
                                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403C5F
                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403C82
                                                                                                                                                  • Part of subcall function 00405C56: CreateDirectoryW.KERNELBASE(?,00000000,0040365E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 00405C5C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.1980983008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981051662.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981790103.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$Process$Exit$CloseDirectory$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                                                                                • String ID: "C:\Users\user\Desktop\PInstaller.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\Desktop$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                                                                                • API String ID: 2017177436-3504469453

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00406A9C: GetModuleHandleA.KERNEL32(?,00000020,?,0040377B,0000000C,?,?,?,?,?,?,?,?), ref: 00406AAE
                                                                                                                                                  • Part of subcall function 00406A9C: GetProcAddress.KERNEL32(00000000,?), ref: 00406AC9
                                                                                                                                                • lstrcatW.KERNEL32(1033,007A1788,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1788,00000000,00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\PInstaller.exe",00008001), ref: 00403DFB
                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,C:\Users\user\AppData\Roaming\InstallerPDW,1033,007A1788,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1788,00000000,00000002,74DF3420), ref: 00403E7B
                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,C:\Users\user\AppData\Roaming\InstallerPDW,1033,007A1788,80000001,Control Panel\Desktop\ResourceLocale,00000000,007A1788,00000000), ref: 00403E8E
                                                                                                                                                • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00403E99
                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\InstallerPDW), ref: 00403EE2
                                                                                                                                                  • Part of subcall function 004065EF: wsprintfW.USER32 ref: 004065FC
                                                                                                                                                • RegisterClassW.USER32(007A7240), ref: 00403F1F
                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403F37
                                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F6C
                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403FA2
                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,007A7240), ref: 00403FCE
                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,007A7240), ref: 00403FDB
                                                                                                                                                • RegisterClassW.USER32(007A7240), ref: 00403FE4
                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00404128,00000000), ref: 00404003
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                • String ID: "C:\Users\user\Desktop\PInstaller.exe"$.DEFAULT\Control Panel\International$.exe$1033$@rz$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                • API String ID: 1975747703-2489454772

                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403109
                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,007B6800,00000400), ref: 00403125
                                                                                                                                                  • Part of subcall function 00406198: GetFileAttributesW.KERNELBASE(00000003,00403138,007B6800,80000000,00000003), ref: 0040619C
                                                                                                                                                  • Part of subcall function 00406198: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004061BE
                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,007B7000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,007B6800,007B6800,80000000,00000003), ref: 0040316E
                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00008001), ref: 004032B3
                                                                                                                                                Strings
                                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004032FF
                                                                                                                                                • Error launching installer, xrefs: 00403145
                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 0040334D
                                                                                                                                                • "C:\Users\user\Desktop\PInstaller.exe", xrefs: 004030FE
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 004030FF, 004032C1
                                                                                                                                                • C:\Users\user\Desktop, xrefs: 00403150, 00403155, 0040315B
                                                                                                                                                • Null, xrefs: 004031EE
                                                                                                                                                • soft, xrefs: 004031E5
                                                                                                                                                • Inst, xrefs: 004031DC
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                • String ID: "C:\Users\user\Desktop\PInstaller.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                                                APIs
                                                                                                                                                • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000400), ref: 00406807
                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000400,00000000,007A0768,?,?,00000000,00000000,00000000,00000000), ref: 0040681D
                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 0040687B
                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406884
                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,\Microsoft\Internet Explorer\Quick Launch,00000000,007A0768,?,?,00000000,00000000,00000000,00000000), ref: 004068AF
                                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,007A0768,?,?,00000000,00000000,00000000,00000000), ref: 00406909
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                                                APIs
                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW,?,?,00000031), ref: 004017D5
                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW,?,?,00000031), ref: 004017FA
                                                                                                                                                  • Part of subcall function 004066A8: lstrcpynW.KERNEL32(?,?,00000400,004037DD,007A72A0,NSIS Error,?,00000008,0000000A,0000000C), ref: 004066B5
                                                                                                                                                  • Part of subcall function 0040572D: lstrlenW.KERNEL32(007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 00405765
                                                                                                                                                  • Part of subcall function 0040572D: lstrlenW.KERNEL32(004030CD,007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 00405775
                                                                                                                                                  • Part of subcall function 0040572D: lstrcatW.KERNEL32(007A0768,004030CD,004030CD,007A0768,00000000,00000000,00000000), ref: 00405788
                                                                                                                                                  • Part of subcall function 0040572D: SetWindowTextW.USER32(007A0768,007A0768), ref: 0040579A
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057C0
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057DA
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E8
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe

                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 004034B8
                                                                                                                                                  • Part of subcall function 00403623: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403321,?), ref: 00403631
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033CE,00000004,00000000,00000000,?,?,00403348,000000FF,00000000,00000000,00008001,?), ref: 004034EB
                                                                                                                                                • SetFilePointer.KERNELBASE(099FC55C,00000000,00000000,0040CE68,00793730,00004000,?,00000000,004033CE,00000004,00000000,00000000,?,?,00403348,000000FF), ref: 004035E6
                                                                                                                                                Strings
                                                                                                                                                • t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless, xrefs: 004034FD, 00403598
                                                                                                                                                • 07y, xrefs: 00403518
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer$CountTick
                                                                                                                                                • String ID: 07y$t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless

                                                                                                                                                APIs
                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406A43
                                                                                                                                                • wsprintfW.USER32 ref: 00406A7E
                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A92
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.1980983008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981051662.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981790103.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                • String ID: %s%S.dll$UXTHEME
                                                                                                                                                • API String ID: 2200240437-1106614640
                                                                                                                                                • Opcode ID: bea2c3dfad6db3553b24c87bd1a60070de232aee380c5cee9c100d0800ee2260
                                                                                                                                                • Instruction ID: 42f0d89fd1f5392b2ec94f423e639a5ae0ddef651db9e3a1b9bc04dfff691aef
                                                                                                                                                • Opcode Fuzzy Hash: bea2c3dfad6db3553b24c87bd1a60070de232aee380c5cee9c100d0800ee2260
                                                                                                                                                • Instruction Fuzzy Hash: 58F0F630600219A7CF14BB64EE4EF9B376CAB01744F10847AA546F10E0EB789B69CB98

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 461 4061c7-4061d3 462 4061d4-406208 GetTickCount GetTempFileNameW 461->462 463 406217-406219 462->463 464 40620a-40620c 462->464 466 406211-406214 463->466 464->462 465 40620e 464->465 465->466
                                                                                                                                                APIs
                                                                                                                                                • GetTickCount.KERNEL32 ref: 004061E5
                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403669,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955), ref: 00406200
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                • API String ID: 1716503409-678247507
                                                                                                                                                • Opcode ID: ca4f867381b256d976a036b4ee2479ffffcb38332db50c9e5a73bf50e74bc53e
                                                                                                                                                • Instruction ID: 62e89f2ddc41131792ff4ce217cd735507ee659dc7485f38d9844d8c61172549
                                                                                                                                                • Opcode Fuzzy Hash: ca4f867381b256d976a036b4ee2479ffffcb38332db50c9e5a73bf50e74bc53e
                                                                                                                                                • Instruction Fuzzy Hash: B8F09076740204BFDB009F99DD05E9AB7BCEBE1710F11803EEE01F7140E6B099648B64

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 467 40339c-4033a9 468 4033c7-4033d0 call 4034a4 467->468 469 4033ab-4033c1 SetFilePointer 467->469 472 4033d6-4033e9 call 40621b 468->472 473 40349e-4034a1 468->473 469->468 476 40348e 472->476 477 4033ef-403402 call 4034a4 472->477 479 403490-403491 476->479 481 403408-40340b 477->481 482 40349c 477->482 479->473 483 40346a-403470 481->483 484 40340d-403410 481->484 482->473 485 403472 483->485 486 403475-40348c ReadFile 483->486 484->482 487 403416 484->487 485->486 486->476 488 403493-403496 486->488 489 40341b-403425 487->489 488->482 490 403427 489->490 491 40342c-40343e call 40621b 489->491 490->491 491->476 494 403440-403447 call 40624a 491->494 496 40344c-40344e 494->496 497 403450-403462 496->497 498 403466-403468 496->498 497->489 499 403464 497->499 498->479 499->482
                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(00008001,00000000,00000000,00000000,00000000,?,?,00403348,000000FF,00000000,00000000,00008001,?), ref: 004033C1
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer
                                                                                                                                                • String ID: 07y
                                                                                                                                                • API String ID: 973152223-1660179758
                                                                                                                                                • Opcode ID: 45a42d16453a97052fd4caa7026d0e6d984ebdece06a60444948986a081c5d5b
                                                                                                                                                • Instruction ID: 2ce6d0fe0b4ebf006dfb95f4b8a72490dc91ff0a223403d299e5759790317552
                                                                                                                                                • Opcode Fuzzy Hash: 45a42d16453a97052fd4caa7026d0e6d984ebdece06a60444948986a081c5d5b
                                                                                                                                                • Instruction Fuzzy Hash: 03318D30101219BBDB12DF95ED84A9E3FA8EB00359F20803BF905EA190D678CE51DBA9

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 500 4015e6-4015fa call 402dcb call 406022 505 401656-401659 500->505 506 4015fc-40160f call 405fa4 500->506 508 401688-40231b call 401423 505->508 509 40165b-40167a call 401423 call 4066a8 SetCurrentDirectoryW 505->509 514 401611-401614 506->514 515 401629-40162c call 405c56 506->515 522 402c4f-402c5e 508->522 509->522 529 401680-401683 509->529 514->515 519 401616-40161d call 405c73 514->519 521 401631-401633 515->521 519->515 533 40161f-401627 call 405bfc 519->533 525 401635-40163a 521->525 526 40164c-401654 521->526 530 401649 525->530 531 40163c-401647 GetFileAttributesW 525->531 526->505 526->506 529->522 530->526 531->526 531->530 533->521
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00406022: CharNextW.USER32(?,?,007A3F90,?,00406096,007A3F90,007A3F90,74DF3420,?,74DF2EE0,00405DD4,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\PInstaller.exe"), ref: 00406030
                                                                                                                                                  • Part of subcall function 00406022: CharNextW.USER32(00000000), ref: 00406035
                                                                                                                                                  • Part of subcall function 00406022: CharNextW.USER32(00000000), ref: 0040604D
                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040163F
                                                                                                                                                  • Part of subcall function 00405BFC: CreateDirectoryW.KERNEL32(007AB800,?), ref: 00405C3E
                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\InstallerPDW,?,00000000,000000F0), ref: 00401672
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 00401665
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW
                                                                                                                                                • API String ID: 1892508949-2083934288
                                                                                                                                                • Opcode ID: 02ab418f9c86fb2a1772106b9df33676c5e7c9ccf138067305959c61eacf7fb5
                                                                                                                                                • Instruction ID: eeb6d6059b18a5fcdc115c0f42aa710c7716420e85620601040aa2e8d161858d
                                                                                                                                                • Opcode Fuzzy Hash: 02ab418f9c86fb2a1772106b9df33676c5e7c9ccf138067305959c61eacf7fb5
                                                                                                                                                • Instruction Fuzzy Hash: 9F11C131404614EBDF20BFA5CD0169F36A0EF14369B29493FF941B22F1D63E8991DA5E

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 536 406b47-406b5f WaitForSingleObject 537 406b6f-406b71 536->537 538 406b61-406b6d call 406ad8 WaitForSingleObject 537->538 539 406b73-406b86 GetExitCodeProcess 537->539 538->537
                                                                                                                                                APIs
                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,00000000,?,?,00401FC4,?,?,?,?,?,?), ref: 00406B58
                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,0000000F,?,?,00401FC4,?,?,?,?,?,?), ref: 00406B6D
                                                                                                                                                • GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B7A
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2567322000-0
                                                                                                                                                • Opcode ID: 5d2238fccfca5d8e8a8573f74478cfbd003c058ae8a46cae15bcced779349dd8
                                                                                                                                                • Instruction ID: b22892a133a530fe36159c3ac32da83d378c7fd10343eccbd9d0aa6624b30eb7
                                                                                                                                                • Opcode Fuzzy Hash: 5d2238fccfca5d8e8a8573f74478cfbd003c058ae8a46cae15bcced779349dd8
                                                                                                                                                • Instruction Fuzzy Hash: 22E09271A00218BBDB009B58DD02D9E7B6EDB45700F100032F601B6190C6B5AE62DB98

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 542 403c88-403c97 543 403ca3-403cab 542->543 544 403c99-403c9c CloseHandle 542->544 545 403cb7-403cc9 call 403ce5 call 405db4 543->545 546 403cad-403cb0 CloseHandle 543->546 544->543 546->545
                                                                                                                                                APIs
                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403BBB,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403C9A
                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403BBB,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403CAE
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C8D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 2962429428-3081826266

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 556 40624a-406266 WriteFile 557 406272 556->557 558 406268-40626b 556->558 560 406274-406276 557->560 558->557 559 40626d-406270 558->559 559->560
                                                                                                                                                APIs
                                                                                                                                                • WriteFile.KERNELBASE(00008001,00000000,00000000,00000000,00000000,0079146D,t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless,004035A4,t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless,0079146D,0040CE68,00793730,00004000,?,00000000,004033CE), ref: 0040625E
                                                                                                                                                Strings
                                                                                                                                                • t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless, xrefs: 0040624A
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileWrite
                                                                                                                                                • String ID: t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless
                                                                                                                                                • API String ID: 3934441357-764050761

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 551 40621b-406237 ReadFile 552 406243 551->552 553 406239-40623c 551->553 555 406245-406247 552->555 553->552 554 40623e-406241 553->554 554->555
                                                                                                                                                APIs
                                                                                                                                                • ReadFile.KERNELBASE(00008001,00000000,00000000,00000000,00000000,00793730,t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless,00403620,00008001,00008001,00403524,00793730,00004000,?,00000000,004033CE), ref: 0040622F
                                                                                                                                                Strings
                                                                                                                                                • t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless, xrefs: 0040621B
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileRead
                                                                                                                                                • String ID: t to 'false'# it supports loading only JKS keystore files.#keystore.type.compat=true## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless
                                                                                                                                                • API String ID: 2738559852-764050761

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 561 401389-40138e 562 4013fa-4013fc 561->562 563 401390-4013a0 562->563 564 4013fe 562->564 563->564 565 4013a2-4013a3 call 401434 563->565 566 401400-401401 564->566 568 4013a8-4013ad 565->568 569 401404-401409 568->569 570 4013af-4013b7 call 40136d 568->570 569->566 573 4013b9-4013bb 570->573 574 4013bd-4013c2 570->574 575 4013c4-4013c9 573->575 574->575 575->562 576 4013cb-4013f4 MulDiv SendMessageW 575->576 576->562
                                                                                                                                                APIs
                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                • SendMessageW.USER32(0040A230,00000402,00000000), ref: 004013F4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                APIs
                                                                                                                                                • CreateProcessW.KERNELBASE(00000000,007AB800,00000000,00000000,00000000,04000000,00000000,00000000,007A4790,?,?,?,007AB800,?), ref: 00405CB4
                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,007AB800,?), ref: 00405CC1
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3712363035-0
                                                                                                                                                APIs
                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,0040377B,0000000C,?,?,?,?,?,?,?,?), ref: 00406AAE
                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406AC9
                                                                                                                                                  • Part of subcall function 00406A2C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406A43
                                                                                                                                                  • Part of subcall function 00406A2C: wsprintfW.USER32 ref: 00406A7E
                                                                                                                                                  • Part of subcall function 00406A2C: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A92
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                APIs
                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,00403138,007B6800,80000000,00000003), ref: 0040619C
                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004061BE
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                APIs
                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00405D78,?,?,00000000,00405F4E,?,?,?,?), ref: 00406178
                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040618C
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                APIs
                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,0040365E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 00405C5C
                                                                                                                                                • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405C6A
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                APIs
                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403321,?), ref: 00403631
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FilePointer
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 0040572D: lstrlenW.KERNEL32(007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 00405765
                                                                                                                                                  • Part of subcall function 0040572D: lstrlenW.KERNEL32(004030CD,007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 00405775
                                                                                                                                                  • Part of subcall function 0040572D: lstrcatW.KERNEL32(007A0768,004030CD,004030CD,007A0768,00000000,00000000,00000000), ref: 00405788
                                                                                                                                                  • Part of subcall function 0040572D: SetWindowTextW.USER32(007A0768,007A0768), ref: 0040579A
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057C0
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057DA
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E8
                                                                                                                                                  • Part of subcall function 00405C8B: CreateProcessW.KERNELBASE(00000000,007AB800,00000000,00000000,00000000,04000000,00000000,00000000,007A4790,?,?,?,007AB800,?), ref: 00405CB4
                                                                                                                                                  • Part of subcall function 00405C8B: CloseHandle.KERNEL32(?,?,?,007AB800,?), ref: 00405CC1
                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?), ref: 00402010
                                                                                                                                                  • Part of subcall function 00406B47: WaitForSingleObject.KERNEL32(?,00000064,00000000,00000000,?,?,00401FC4,?,?,?,?,?,?), ref: 00406B58
                                                                                                                                                  • Part of subcall function 00406B47: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B7A
                                                                                                                                                  • Part of subcall function 004065EF: wsprintfW.USER32 ref: 004065FC
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2972824698-0
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 004058CA
                                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 004058D9
                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00405916
                                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 0040591D
                                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040593E
                                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040594F
                                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405962
                                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405970
                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405983
                                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004059A5
                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 004059B9
                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004059DA
                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004059EA
                                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405A03
                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405A0F
                                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 004058E8
                                                                                                                                                  • Part of subcall function 0040465C: SendMessageW.USER32(00000028,?,00000001,00404487), ref: 0040466A
                                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405A2C
                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005800,00000000), ref: 00405A3A
                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405A41
                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00405A65
                                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405A6A
                                                                                                                                                • ShowWindow.USER32(00000008), ref: 00405AB4
                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405AE8
                                                                                                                                                • CreatePopupMenu.USER32 ref: 00405AF9
                                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405B0D
                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00405B2D
                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405B46
                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B7E
                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405B8E
                                                                                                                                                • EmptyClipboard.USER32 ref: 00405B94
                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405BA0
                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405BAA
                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405BBE
                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405BDE
                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405BE9
                                                                                                                                                • CloseClipboard.USER32 ref: 00405BEF
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.1980983008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981051662.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981790103.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                • String ID: {
                                                                                                                                                • API String ID: 590372296-366298937
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404B67
                                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 00404B91
                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404C42
                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404C4D
                                                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,007A1788,00000000,?,?), ref: 00404C7F
                                                                                                                                                • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00404C8B
                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C9D
                                                                                                                                                  • Part of subcall function 00405CEC: GetDlgItemTextW.USER32(?,?,00000400,00404CD4), ref: 00405CFF
                                                                                                                                                  • Part of subcall function 00406956: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PInstaller.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403646,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 004069B9
                                                                                                                                                  • Part of subcall function 00406956: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004069C8
                                                                                                                                                  • Part of subcall function 00406956: CharNextW.USER32(?,"C:\Users\user\Desktop\PInstaller.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403646,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 004069CD
                                                                                                                                                  • Part of subcall function 00406956: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403646,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 004069E0
                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0079F758,?,?,0000040F,?,0079F758,0079F758,?,00000001,0079F758,?,?,000003FB,?), ref: 00404D60
                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D7B
                                                                                                                                                  • Part of subcall function 00404ED4: lstrlenW.KERNEL32(007A1788,007A1788,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F75
                                                                                                                                                  • Part of subcall function 00404ED4: wsprintfW.USER32 ref: 00404F7E
                                                                                                                                                  • Part of subcall function 00404ED4: SetDlgItemTextW.USER32(?,007A1788), ref: 00404F91
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                • String ID: A$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                                                                                • API String ID: 2624150263-1804380558
                                                                                                                                                APIs
                                                                                                                                                • DeleteFileW.KERNEL32(?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\PInstaller.exe"), ref: 00405DDD
                                                                                                                                                • lstrcatW.KERNEL32(007A3790,\*.*,007A3790,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\PInstaller.exe"), ref: 00405E25
                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014,?,007A3790,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\PInstaller.exe"), ref: 00405E48
                                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,007A3790,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\PInstaller.exe"), ref: 00405E4E
                                                                                                                                                • FindFirstFileW.KERNEL32(007A3790,?,?,?,0040A014,?,007A3790,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\PInstaller.exe"), ref: 00405E5E
                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EFE
                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405F0D
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                • String ID: "C:\Users\user\Desktop\PInstaller.exe"$\*.*
                                                                                                                                                • API String ID: 2035342205-3706013840
                                                                                                                                                APIs
                                                                                                                                                • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040224E
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 0040228E
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW
                                                                                                                                                • API String ID: 542301482-2083934288
                                                                                                                                                APIs
                                                                                                                                                • FindFirstFileW.KERNEL32(74DF3420,007A47D8,007A3F90,004060C8,007A3F90,007A3F90,00000000,007A3F90,007A3F90,74DF3420,?,74DF2EE0,00405DD4,?,74DF3420,74DF2EE0), ref: 00406A10
                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406A1C
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                • Opcode ID: d01eac4b78642ee229a112484c6742e88cc4c4a3d825a65ded65f37d71907806
                                                                                                                                                • Instruction ID: 09b50f103f556b68ca680ae50a3f346dd37f8b588f81a82a200e42e2f2e9d735
                                                                                                                                                • Opcode Fuzzy Hash: d01eac4b78642ee229a112484c6742e88cc4c4a3d825a65ded65f37d71907806
                                                                                                                                                • Instruction Fuzzy Hash: F4D012317661205BC6506B3CAE0C89B7E589F5B3717229B36F476F21E4C7788C728B98
                                                                                                                                                APIs
                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040293F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                • Opcode ID: 683f1b139ffdd8b1f4169c0c5b9a1304517946695afe0f153a868f72914159c3
                                                                                                                                                • Instruction ID: 629b5a3a749195ae95b7771ab4fac4c63f36450bb008b79a789ce9eb088850bb
                                                                                                                                                • Opcode Fuzzy Hash: 683f1b139ffdd8b1f4169c0c5b9a1304517946695afe0f153a868f72914159c3
                                                                                                                                                • Instruction Fuzzy Hash: 27F08271A04105ABDB00EBA4D9499AEB374EF14324F60417BE111F31E5E7B88E509B29
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 004050AC
                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 004050B7
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00405101
                                                                                                                                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00405118
                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,004056A1), ref: 00405131
                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00405145
                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405157
                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 0040516D
                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405179
                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040518B
                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 0040518E
                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 004051B9
                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 004051C5
                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405260
                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405290
                                                                                                                                                  • Part of subcall function 0040465C: SendMessageW.USER32(00000028,?,00000001,00404487), ref: 0040466A
                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004052A4
                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 004052D2
                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004052E0
                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 004052F0
                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 004053EB
                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405450
                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405465
                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405489
                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004054A9
                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 004054BE
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 004054CE
                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405547
                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 004055F0
                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004055FF
                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040562A
                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00405678
                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00405683
                                                                                                                                                • ShowWindow.USER32(00000000), ref: 0040568A
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                • String ID: $M$N
                                                                                                                                                • API String ID: 2564846305-813528018
                                                                                                                                                • Opcode ID: 27b926bd0df8adfd45f1af09bcf41c137b906de34181b8458f5902998abd8f77
                                                                                                                                                • Instruction ID: 621598b6da7ee09cd90e0a594114de092ddcd2f05dae79a8baff499e896dd836
                                                                                                                                                • Opcode Fuzzy Hash: 27b926bd0df8adfd45f1af09bcf41c137b906de34181b8458f5902998abd8f77
                                                                                                                                                • Instruction Fuzzy Hash: E8028B70900609AFDF20DFA5DD45AAF7BB5FB85314F10852AFA10BA2E1D7798981CF18
                                                                                                                                                APIs
                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404164
                                                                                                                                                • ShowWindow.USER32(?), ref: 00404184
                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404196
                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 004041AF
                                                                                                                                                • DestroyWindow.USER32 ref: 004041C3
                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 004041DC
                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 004041FB
                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 0040420F
                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00404216
                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 004042C1
                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 004042CB
                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 004042E5
                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404336
                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 004043DC
                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 004043FD
                                                                                                                                                • EnableWindow.USER32(?,?), ref: 0040440F
                                                                                                                                                • EnableWindow.USER32(?,?), ref: 0040442A
                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404440
                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00404447
                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040445F
                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404472
                                                                                                                                                • lstrlenW.KERNEL32(007A1788,?,007A1788,00000000), ref: 0040449C
                                                                                                                                                • SetWindowTextW.USER32(?,007A1788), ref: 004044B0
                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 004045E4
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1860320154-0
                                                                                                                                                • Opcode ID: 19044a7b2f9dc29d6108c15eb770cf226d04415cfc30418a1908fdb8cc7cbc95
                                                                                                                                                • Instruction ID: 4e6da35977487edfeaa6b74986f9c263af1ab51025a8ed190b8445e98811ac0f
                                                                                                                                                • Opcode Fuzzy Hash: 19044a7b2f9dc29d6108c15eb770cf226d04415cfc30418a1908fdb8cc7cbc95
                                                                                                                                                • Instruction Fuzzy Hash: 77C1ABB1500204BBDB216B61EE45A2B3AA8FBD6745F00453EFB41B51F0CB3D9891DB2E
                                                                                                                                                APIs
                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404884
                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404898
                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004048B5
                                                                                                                                                • GetSysColor.USER32(?), ref: 004048C6
                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004048D4
                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004048E2
                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004048E7
                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004048F4
                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404909
                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 00404962
                                                                                                                                                • SendMessageW.USER32(00000000), ref: 00404969
                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404994
                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004049D7
                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004049E5
                                                                                                                                                • SetCursor.USER32(00000000), ref: 004049E8
                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00404A01
                                                                                                                                                • SetCursor.USER32(00000000), ref: 00404A04
                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404A33
                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404A45
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.1980983008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981051662.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981790103.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                • String ID: @bz$N
                                                                                                                                                • API String ID: 3103080414-907341931
                                                                                                                                                • Opcode ID: 88633698968d94023c0aa3178898a7337079cd9d94237a13968812fbcfc2c457
                                                                                                                                                • Instruction ID: a814c9d8d31f57ab487173d28e45881d7bb578d0c76eff237bb6e686a9ba1b52
                                                                                                                                                • Opcode Fuzzy Hash: 88633698968d94023c0aa3178898a7337079cd9d94237a13968812fbcfc2c457
                                                                                                                                                • Instruction Fuzzy Hash: D561C2B1A40209BFDB10AF60CD85A6A7B79FB84315F00843AF605B62E0D77DA951CF98
                                                                                                                                                APIs
                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406489,?,?), ref: 00406329
                                                                                                                                                • GetShortPathNameW.KERNEL32(?,007A4E28,00000400), ref: 00406332
                                                                                                                                                  • Part of subcall function 004060FD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063E2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040610D
                                                                                                                                                  • Part of subcall function 004060FD: lstrlenA.KERNEL32(00000000,?,00000000,004063E2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040613F
                                                                                                                                                • GetShortPathNameW.KERNEL32(?,007A5628,00000400), ref: 0040634F
                                                                                                                                                • wsprintfA.USER32 ref: 0040636D
                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,007A5628,C0000000,00000004,007A5628,?,?,?,?,?), ref: 004063A8
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004063B7
                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063EF
                                                                                                                                                • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,007A4A28,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406445
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406456
                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040645D
                                                                                                                                                  • Part of subcall function 00406198: GetFileAttributesW.KERNELBASE(00000003,00403138,007B6800,80000000,00000003), ref: 0040619C
                                                                                                                                                  • Part of subcall function 00406198: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004061BE
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                • String ID: %ls=%ls$(Nz$(Vz$(Vz$[Rename]
                                                                                                                                                • API String ID: 2171350718-2772246434
                                                                                                                                                • Opcode ID: 3357c57cd9792c63d911ae114c9432cadb4444b6c2488056b84af6109ea027cf
                                                                                                                                                • Instruction ID: 5e896f4cd24015790019738d227b40084e672713b3fcc41402b0b662be4da206
                                                                                                                                                • Opcode Fuzzy Hash: 3357c57cd9792c63d911ae114c9432cadb4444b6c2488056b84af6109ea027cf
                                                                                                                                                • Instruction Fuzzy Hash: 97313731500315BBC2206B658D48F6B3A5CEF86719F16403EF902B72D3DA7D982586BD
                                                                                                                                                APIs
                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                • DrawTextW.USER32(00000000,007A72A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                • String ID: F
                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                • Opcode ID: f59eaf5190339bfdac3ff3ff3f1a6ec95550fe6cac82505fe537ebb852aaa3a4
                                                                                                                                                • Instruction ID: f613d49bb65c961beb8007995d0fcb5bf725aa8a9eaa952cce9af63ec5617004
                                                                                                                                                • Opcode Fuzzy Hash: f59eaf5190339bfdac3ff3ff3f1a6ec95550fe6cac82505fe537ebb852aaa3a4
                                                                                                                                                • Instruction Fuzzy Hash: 19418B71800209AFCB058FA5CE459BFBBB9FF45314F00802EF591AA1A0CB38DA54DFA4
                                                                                                                                                APIs
                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PInstaller.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403646,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 004069B9
                                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004069C8
                                                                                                                                                • CharNextW.USER32(?,"C:\Users\user\Desktop\PInstaller.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403646,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 004069CD
                                                                                                                                                • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403646,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 004069E0
                                                                                                                                                Strings
                                                                                                                                                • *?|<>/":, xrefs: 004069A8
                                                                                                                                                • "C:\Users\user\Desktop\PInstaller.exe", xrefs: 0040699A
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406957
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                • String ID: "C:\Users\user\Desktop\PInstaller.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 589700163-3466478754
                                                                                                                                                • Opcode ID: 7c4491ab095b24fecdd0000f8ec6f0e383ca7ce11269c465865605e120ff5cd6
                                                                                                                                                • Instruction ID: f06f51b5daa490310aa6d9f0e348b7506a59c307e33f50149fa884e4b26d093c
                                                                                                                                                • Opcode Fuzzy Hash: 7c4491ab095b24fecdd0000f8ec6f0e383ca7ce11269c465865605e120ff5cd6
                                                                                                                                                • Instruction Fuzzy Hash: B711C89580021295DB303B159C40BB7B6F8AF55754F52403FED8AB3AC5E77C4CA286AD
                                                                                                                                                APIs
                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 004046AB
                                                                                                                                                • GetSysColor.USER32(00000000), ref: 004046E9
                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 004046F5
                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00404701
                                                                                                                                                • GetSysColor.USER32(?), ref: 00404714
                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00404724
                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040473E
                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00404748
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.1980983008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981051662.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981790103.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                APIs
                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 0040277D
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004027B8
                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027DB
                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027F1
                                                                                                                                                  • Part of subcall function 00406279: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,?,?,?,004026F6,00000000,00000000,?,00000000,00000011), ref: 0040628F
                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040289D
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                • String ID: 9
                                                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 00405765
                                                                                                                                                • lstrlenW.KERNEL32(004030CD,007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 00405775
                                                                                                                                                • lstrcatW.KERNEL32(007A0768,004030CD,004030CD,007A0768,00000000,00000000,00000000), ref: 00405788
                                                                                                                                                • SetWindowTextW.USER32(007A0768,007A0768), ref: 0040579A
                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057C0
                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057DA
                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E8
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2531174081-0
                                                                                                                                                APIs
                                                                                                                                                • DestroyWindow.USER32(00000000,00000000), ref: 0040306E
                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040308C
                                                                                                                                                • wsprintfW.USER32 ref: 004030BA
                                                                                                                                                  • Part of subcall function 0040572D: lstrlenW.KERNEL32(007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 00405765
                                                                                                                                                  • Part of subcall function 0040572D: lstrlenW.KERNEL32(004030CD,007A0768,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 00405775
                                                                                                                                                  • Part of subcall function 0040572D: lstrcatW.KERNEL32(007A0768,004030CD,004030CD,007A0768,00000000,00000000,00000000), ref: 00405788
                                                                                                                                                  • Part of subcall function 0040572D: SetWindowTextW.USER32(007A0768,007A0768), ref: 0040579A
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057C0
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057DA
                                                                                                                                                  • Part of subcall function 0040572D: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E8
                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 004030DE
                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 004030EC
                                                                                                                                                  • Part of subcall function 00403037: MulDiv.KERNEL32(00000000,00000064,00005B8F), ref: 0040304C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                • API String ID: 722711167-2449383134
                                                                                                                                                APIs
                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404FFD
                                                                                                                                                • GetMessagePos.USER32 ref: 00405005
                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 0040501F
                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00405031
                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00405057
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                • String ID: f
                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                APIs
                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FD6
                                                                                                                                                • wsprintfW.USER32 ref: 0040300A
                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 0040301A
                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040302C
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000000.00000002.1980983008.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981051662.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.0000000000788000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007A5000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981099438.00000000007B3000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                • Associated: 00000000.00000002.1981790103.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                APIs
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00402A2B
                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                                                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                APIs
                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseEnum$DeleteValue
                                                                                                                                                APIs
                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401DBF
                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00401E0A
                                                                                                                                                • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
                                                                                                                                                • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401E5E
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                APIs
                                                                                                                                                • GetDC.USER32(?), ref: 00401E76
                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
                                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401EA9
                                                                                                                                                • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401EF8
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                APIs
                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_PInstaller.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                • String ID: !
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(007A1788,007A1788,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F75
                                                                                                                                                • wsprintfW.USER32 ref: 00404F7E
                                                                                                                                                • SetDlgItemTextW.USER32(?,007A1788), ref: 00404F91
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403658,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 00405F7D
                                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403658,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403955,?,00000008,0000000A,0000000C), ref: 00405F87
                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405F99
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F77
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                • API String ID: 2659869361-3081826266
                                                                                                                                                APIs
                                                                                                                                                • IsWindowVisible.USER32(?), ref: 004056D0
                                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405721
                                                                                                                                                  • Part of subcall function 00404673: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404685
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                                APIs
                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,007A0768,?,00000800,00000000,?,007A0768,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,00000000,004067E7,80000002), ref: 004065BC
                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004065C7
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\install.exe, xrefs: 0040657D
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                                                                                • API String ID: 3356406503-2858601891
                                                                                                                                                APIs
                                                                                                                                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00403161,C:\Users\user\Desktop,C:\Users\user\Desktop,007B6800,007B6800,80000000,00000003), ref: 00405FC9
                                                                                                                                                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00403161,C:\Users\user\Desktop,C:\Users\user\Desktop,007B6800,007B6800,80000000,00000003), ref: 00405FD9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                                • API String ID: 2709904686-224404859
                                                                                                                                                APIs
                                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063E2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040610D
                                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00406125
                                                                                                                                                • CharNextA.USER32(00000000,?,00000000,004063E2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406136
                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,004063E2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040613F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.1981013650.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                • Opcode ID: 95544cd0fbc1c68b6442233ab1bb13ea59abf9e1bd9498eecabbd7b85e38d71d
                                                                                                                                                • Instruction ID: 6110e817bf0676271ac12e84f352859583ddf629913bd023430e8a8d78eae99e
                                                                                                                                                • Opcode Fuzzy Hash: 95544cd0fbc1c68b6442233ab1bb13ea59abf9e1bd9498eecabbd7b85e38d71d
                                                                                                                                                • Instruction Fuzzy Hash: 49F0F631100414FFC7029FA5DD00D9EBBA8EF45350B2200BAE841FB311D634EE129B58

                                                                                                                                                Execution Graph

                                                                                                                                                Execution Coverage:23.2%
                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                Signature Coverage:23.8%
                                                                                                                                                Total number of Nodes:686
                                                                                                                                                Total number of Limit Nodes:13

                                                                                                                                                Callgraph


                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: ModuleResource$Handle$AddressCurrentFileFindLoadLockNameProcProcessfprintfmemsetstrrchr
                                                                                                                                                • String ID: -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$-Xms$-Xmx$An error occurred while starting the application.$Args length:%d/32768 chars$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Error:%s$Instance already exists.$IsWow64Process$Laun$Launcher args:%s$Launcher:%s$Resource %d:%s$Startup error message not defined.$WOW64:%s$Working dir:%s$\bin$appendToPathVar failed.$bin\java.exe$bin\javaw.exe$ch4j$yes
                                                                                                                                                • API String ID: 919401838-2264506004
                                                                                                                                                • Opcode ID: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
                                                                                                                                                • Instruction ID: bf9eff1d8a15de45e5a137a0cf06cc9be9fda6a92e4b939ea636d94b2118cc52
                                                                                                                                                • Opcode Fuzzy Hash: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
                                                                                                                                                • Instruction Fuzzy Hash: 6A521EB09087018BD714EF29D58025EBBE1EF84344F15C87FE889AB391DB7C89658F4A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLock$fprintf$ErrorLaststrchrstrcpystrlen
                                                                                                                                                • String ID: 1.8.0$1.8.0$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)$true
                                                                                                                                                • API String ID: 1095060389-2240388983
                                                                                                                                                • Opcode ID: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
                                                                                                                                                • Instruction ID: 877def55760d6699fa8b0a675f498fd38e355f95ffd6f34839a3e279e3ce58b8
                                                                                                                                                • Opcode Fuzzy Hash: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
                                                                                                                                                • Instruction Fuzzy Hash: 70225DB4A083019BD700AF65D64435FBBE1AB84344F01C87FE989AB3C2D77C9955DB8A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 00405D30: GetModuleHandleA.KERNEL32(?,004013C7), ref: 00405D4D
                                                                                                                                                • strstr.MSVCRT ref: 0040140E
                                                                                                                                                • CreateWindowExA.USER32 ref: 004014B1
                                                                                                                                                • SetTimer.USER32 ref: 004014FA
                                                                                                                                                • GetMessageA.USER32 ref: 00401572
                                                                                                                                                  • Part of subcall function 00401ED0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                                                                                  • Part of subcall function 00401ED0: puts.MSVCRT ref: 00401F11
                                                                                                                                                  • Part of subcall function 00401ED0: ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                                                                                • memset.MSVCRT ref: 00401873
                                                                                                                                                • ShowWindow.USER32 ref: 0040189A
                                                                                                                                                • SetForegroundWindow.USER32 ref: 004018A5
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Window$CreateErrorExecuteForegroundHandleLastMessageModuleShellShowTimermemsetputsstrstr
                                                                                                                                                • String ID: --l4j-dont-wait$--l4j-no-splash$--l4j-no-splash-err$Exit code:%d$Exit code:%d, restarting the application!$STATIC
                                                                                                                                                • API String ID: 2862500452-2488410787
                                                                                                                                                • Opcode ID: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
                                                                                                                                                • Instruction ID: 24b147bc9a002fea4a62b88368d981a48f0c15b8e85cb8378e8374e035e88a4e
                                                                                                                                                • Opcode Fuzzy Hash: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
                                                                                                                                                • Instruction Fuzzy Hash: CBE14CB19083018BD714EF3AD54131BBAE5AF84344F01C93FE989A73A1DB78D8519B8B

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 3695137517-0
                                                                                                                                                • Opcode ID: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
                                                                                                                                                • Instruction ID: 9b036dcc62e5206002a8964a93b809c6819fe7ae1a2a78e05521c6610f765c41
                                                                                                                                                • Opcode Fuzzy Hash: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
                                                                                                                                                • Instruction Fuzzy Hash: 34212AB4A053048FC704FF65D58161ABBF5BF88344F01C93EE895A73A6DB389850CB5A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$strlen$strcat$ErrorFindLastLoadLockfprintfmemset$_findnextstrpbrkstrtok$_findclose_findfirstfwritestrcpystrncatstrncpystrrchr
                                                                                                                                                • String ID: " :%s$-Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$-cla$-jar$-jar$Add classpath:%s$Resource %d:%s$org.develnext.jphp.ext.javafx.FXLauncher$sspa$th "$true
                                                                                                                                                • API String ID: 689643918-2559466555
                                                                                                                                                • Opcode ID: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
                                                                                                                                                • Instruction ID: 45e07854ae54010095be9281c7dcb4a820f195fbc1c947dc7b9175b2af9540e9
                                                                                                                                                • Opcode Fuzzy Hash: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
                                                                                                                                                • Instruction Fuzzy Hash: AE1261B09087018BD710AF29C54065BBBE5EF94304F0589BFE8C9AB391D77D8995CF8A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                • memset.MSVCRT ref: 00403D50
                                                                                                                                                • FindResourceExA.KERNEL32(00000003,00412360,?), ref: 00403D73
                                                                                                                                                • LoadResource.KERNEL32(?,?,?,00404A72), ref: 00403D90
                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,00404A72), ref: 00403DA3
                                                                                                                                                • memset.MSVCRT ref: 00403DFB
                                                                                                                                                • strcpy.MSVCRT ref: 00403E45
                                                                                                                                                • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403E7F
                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00404A72), ref: 00403E98
                                                                                                                                                • FindResourceExA.KERNEL32 ref: 00403EF1
                                                                                                                                                • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F0E
                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F1D
                                                                                                                                                • strncpy.MSVCRT ref: 00403F89
                                                                                                                                                • strlen.MSVCRT ref: 00403F95
                                                                                                                                                • strcat.MSVCRT ref: 00403FBA
                                                                                                                                                • fprintf.MSVCRT ref: 00403FD4
                                                                                                                                                • fprintf.MSVCRT ref: 00403FF7
                                                                                                                                                • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00404008
                                                                                                                                                • fprintf.MSVCRT ref: 00404035
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$fprintf$ErrorFindLastLoadLockmemsetstrcpy$strcatstrlenstrncpy
                                                                                                                                                • String ID: :$Bundled JRE:%s$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$\$true
                                                                                                                                                • API String ID: 1825146110-2821499453
                                                                                                                                                • Opcode ID: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
                                                                                                                                                • Instruction ID: a351f2335a7c1ffd526f9bc51b8a145b2b5fd6ff43207c8f2e401759d570546c
                                                                                                                                                • Opcode Fuzzy Hash: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
                                                                                                                                                • Instruction Fuzzy Hash: 178160B09083019BD710AF29D54035ABFE9EF84344F05C87FE989AB3D1DB7C99558B8A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strlen$Resource$ErrorFindLastLoadLock_close_open_readmemsetstrncpy
                                                                                                                                                • String ID: Loading:%s$Resource %d:%s$ini
                                                                                                                                                • API String ID: 3498103655-913749543
                                                                                                                                                • Opcode ID: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
                                                                                                                                                • Instruction ID: ffe5270cda513766b45dd1113f6f5d5a6076afea4e1b231d249c2800047aef03
                                                                                                                                                • Opcode Fuzzy Hash: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
                                                                                                                                                • Instruction Fuzzy Hash: 4E6181B59083118BDB10AF29C58035EBFE5AF44344F05847FE9C9A7382D7789A51CB8A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                • memset.MSVCRT ref: 0040689C
                                                                                                                                                • memset.MSVCRT ref: 004068BD
                                                                                                                                                • strcat.MSVCRT ref: 004068DA
                                                                                                                                                • strlen.MSVCRT ref: 004068E2
                                                                                                                                                • strcat.MSVCRT ref: 004068FE
                                                                                                                                                • CreateProcessA.KERNEL32 ref: 00406941
                                                                                                                                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 00406994
                                                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 004069AC
                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069BD
                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069CE
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004068C7
                                                                                                                                                • D, xrefs: 004068A1
                                                                                                                                                • -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre, xrefs: 004068F2
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseHandleProcessmemsetstrcat$CodeCreateExitObjectSingleWaitstrlen
                                                                                                                                                • String ID: -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$D
                                                                                                                                                • API String ID: 196992964-769783707
                                                                                                                                                • Opcode ID: 925ee4bed1523179cba05dbda226f6a8605d2966789c7c8ca7956b0a3c785639
                                                                                                                                                • Instruction ID: c9cdd45e2a5c81e006214db6be6d40eb90bac674d27234413dd11b55ebfa4603
                                                                                                                                                • Opcode Fuzzy Hash: 925ee4bed1523179cba05dbda226f6a8605d2966789c7c8ca7956b0a3c785639
                                                                                                                                                • Instruction Fuzzy Hash: EF4129B19083009BD700EF69D58064EFBF0FF84310F02897EE599AB391D7789965CB8A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strlen$ErrorLast_statfprintfmemsetstrcatstrcpy
                                                                                                                                                • String ID: (OK)$(not found)$Check launcher:%s %s$bin\java.exe$bin\javaw.exe
                                                                                                                                                • API String ID: 1479257852-1030199565
                                                                                                                                                • Opcode ID: 045868294d0a7ed06c315ae385c8820c2325015fc6260560a2149f7d46a293a6
                                                                                                                                                • Instruction ID: e8944f1a8106916e4475c21f7cef91e4a366f81d5ed1b62317d4ded5b41b0450
                                                                                                                                                • Opcode Fuzzy Hash: 045868294d0a7ed06c315ae385c8820c2325015fc6260560a2149f7d46a293a6
                                                                                                                                                • Instruction Fuzzy Hash: A63191B4908705DFD710AF65C58421EBBE0AF44304F16887FE888BB3D1D7B88941CB8A

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                  • Part of subcall function 004021A0: FindResourceExA.KERNEL32 ref: 004021DD
                                                                                                                                                  • Part of subcall function 004021A0: LoadResource.KERNEL32 ref: 004021FA
                                                                                                                                                  • Part of subcall function 004021A0: LockResource.KERNEL32 ref: 00402209
                                                                                                                                                  • Part of subcall function 004021A0: fprintf.MSVCRT ref: 00402253
                                                                                                                                                • strstr.MSVCRT ref: 0040140E
                                                                                                                                                • CreateWindowExA.USER32 ref: 004014B1
                                                                                                                                                • SetTimer.USER32 ref: 004014FA
                                                                                                                                                • TranslateMessage.USER32 ref: 0040154A
                                                                                                                                                • DispatchMessageA.USER32 ref: 00401555
                                                                                                                                                • GetMessageA.USER32 ref: 00401572
                                                                                                                                                • fprintf.MSVCRT ref: 004015AB
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: MessageResource$fprintf$CreateDispatchFindLoadLockTimerTranslateWindowstrstr
                                                                                                                                                • String ID: --l4j-no-splash$Exit code:%d, restarting the application!$STATIC
                                                                                                                                                • API String ID: 2241055113-1185063601

                                                                                                                                                Control-flow Graph

                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _setmode$ExitProcess__p__environ__p__fmode_cexit
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 2747451157-0

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 580 406a10-406a40 call 406c70 call 406c00 GetCommandLineA GetStartupInfoA 585 406a42 580->585 586 406a48-406a5b 580->586 587 406ae6-406afe GetModuleHandleA 585->587 588 406a47 586->588 589 406a5d-406a60 586->589 590 406b00 587->590 591 406b04-406b21 call 4013b0 587->591 588->586 592 406aa0-406ab3 589->592 593 406a62-406a72 589->593 590->591 592->592 597 406ab5-406ab8 592->597 595 406ac0-406acc 593->595 596 406a74-406a7a 593->596 602 406ae0-406ae4 595->602 599 406a80-406a82 596->599 600 406b22-406b26 597->600 601 406aba 597->601 599->595 604 406a84-406a98 599->604 600->595 601->595 602->587 603 406ad0-406add 602->603 603->602 604->599 605 406a9a 604->605 605->595
                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CommandHandleInfoLineModuleStartup
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1628297973-0

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 606 406a9c 607 406aa0-406ab3 606->607 607->607 608 406ab5-406ab8 607->608 609 406b22-406b26 608->609 610 406aba 608->610 611 406ac0-406acc 609->611 610->611 612 406ae0-406ae4 611->612 613 406ad0-406add 612->613 614 406ae6-406afe GetModuleHandleA 612->614 613->612 615 406b00 614->615 616 406b04-406b21 call 4013b0 614->616 615->616
                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: HandleModule
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4139908857-0

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 619 406ace 620 406ad0-406ae4 619->620 622 406ae6-406afe GetModuleHandleA 620->622 623 406b00 622->623 624 406b04-406b21 call 4013b0 622->624 623->624
                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: HandleModule
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4139908857-0

                                                                                                                                                Control-flow Graph

                                                                                                                                                control_flow_graph 627 401290-4012a3 __set_app_type call 401150 629 4012a8-4012a9 627->629
                                                                                                                                                APIs
                                                                                                                                                • __set_app_type.MSVCRT ref: 0040129D
                                                                                                                                                  • Part of subcall function 00401150: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,004012A8), ref: 00401161
                                                                                                                                                  • Part of subcall function 00401150: __getmainargs.MSVCRT ref: 0040119A
                                                                                                                                                  • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011D5
                                                                                                                                                  • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011FB
                                                                                                                                                  • Part of subcall function 00401150: __p__fmode.MSVCRT ref: 00401200
                                                                                                                                                  • Part of subcall function 00401150: __p__environ.MSVCRT ref: 00401215
                                                                                                                                                  • Part of subcall function 00401150: _cexit.MSVCRT ref: 00401239
                                                                                                                                                  • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401241
                                                                                                                                                Similarity
                                                                                                                                                • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode__set_app_type_cexit
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 250851222-0
                                                                                                                                                • Opcode ID: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
                                                                                                                                                • Instruction ID: f3566ed841fe2c78bbec3e3585cf37c7a6b3b3915cdcc1304e07bfa49eda4ab5
                                                                                                                                                • Opcode Fuzzy Hash: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
                                                                                                                                                • Instruction Fuzzy Hash: F3C09B3041421497C3003FB5DC0E359BBA87B05305F41443CD5C967261D67839054796
                                                                                                                                                APIs
                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                                                                                • puts.MSVCRT ref: 00401F11
                                                                                                                                                • ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                                                                                • printf.MSVCRT ref: 00401F89
                                                                                                                                                • fclose.MSVCRT ref: 00401F93
                                                                                                                                                • MessageBoxA.USER32 ref: 00401FBF
                                                                                                                                                • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                                                                                • strlen.MSVCRT ref: 0040201F
                                                                                                                                                • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                                                                                • fprintf.MSVCRT ref: 0040206D
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Message$ErrorExecuteFormatFreeLastLocalShellfclosefprintfprintfputsstrcatstrlen
                                                                                                                                                • String ID: An error occurred while starting the application.$Error msg:%s$Error:%s$Open URL:%s$open
                                                                                                                                                • API String ID: 1449747937-1100426463
                                                                                                                                                • Opcode ID: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
                                                                                                                                                • Instruction ID: 2d12064388d49b1e09197d997951df6f1fa04ecba0d9f77cc5412a013d33004a
                                                                                                                                                • Opcode Fuzzy Hash: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
                                                                                                                                                • Instruction Fuzzy Hash: 5041F1B0B083019BD704EF29D68525FBAE1BB84344F11C83FE589A7391D77C89559B8B
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLockstrlen$strcat$ErrorLastfprintf
                                                                                                                                                • String ID: - $-bit$1.8.0$1.8.0$An error occurred while starting the application.$Resource %d:%s
                                                                                                                                                • API String ID: 484976878-253376002
                                                                                                                                                • Opcode ID: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
                                                                                                                                                • Instruction ID: 34e31f97e9555f3506bafa7709ed99a0cf1f3aa383949e3ef6a0ea41d6191ac0
                                                                                                                                                • Opcode Fuzzy Hash: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
                                                                                                                                                • Instruction Fuzzy Hash: 50B170B07183018BD704EF3AD64035ABAE1BB84344F05C93ED989E7391D77DC9658B9A
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strcpy$memsetstrcmpstrlen$fprintfstrcat$EnumOpenstrchrstrncpy
                                                                                                                                                • String ID: %s-bit search:%s...$1.8.0$Check:%s$Ignore:%s$Match:%s
                                                                                                                                                • API String ID: 972160396-125968938
                                                                                                                                                • Opcode ID: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
                                                                                                                                                • Instruction ID: 9a2c2f7deab8620c59848cd1e9c546dad7476eac0264ac07e1180a0b30e31d97
                                                                                                                                                • Opcode Fuzzy Hash: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
                                                                                                                                                • Instruction Fuzzy Hash: 25A12AB49087149BC711EF25C98429EFBF5AF84704F0188BFE489A7391D7789A858F86
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strcat$strncat$memsetstrchr$CurrentDirectoryEnvironmentVariablestrlenstrstr
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\jre$EXEDIR$EXEFILE$HKEY$JREHOMEDIR$OLDPWD$PWD$Substitute:%s = %s
                                                                                                                                                • API String ID: 3324974479-1623937630
                                                                                                                                                • Opcode ID: 6614e760f1d2ee19f4b253176852c44bfd1491407e5a90ce63a812219ddd9ebb
                                                                                                                                                • Instruction ID: ed202c75566bdcf25b9861d036979bf7c043f81e68319857b6959b64db836d4b
                                                                                                                                                • Opcode Fuzzy Hash: 6614e760f1d2ee19f4b253176852c44bfd1491407e5a90ce63a812219ddd9ebb
                                                                                                                                                • Instruction Fuzzy Hash: 80711C759043159BCB54DF25C88025ABBE5FF84314F41C8BEE98DA7381DB389E85CB8A
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB, xrefs: 004036B0
                                                                                                                                                • Resource %d:%s, xrefs: 004034A3, 00403563
                                                                                                                                                • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintfstrlen$ErrorLast_itoastrcat
                                                                                                                                                • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB$Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB$Resource %d:%s
                                                                                                                                                • API String ID: 1284713559-335395982
                                                                                                                                                • Opcode ID: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
                                                                                                                                                • Instruction ID: 556c7044ae09a008ffae0a8d9fc69ada731a51744f4509117c473fc4c8ef08ad
                                                                                                                                                • Opcode Fuzzy Hash: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
                                                                                                                                                • Instruction Fuzzy Hash: CC916FB19083159BDB14EF69C58025FBBF5BF88304F05883EE889AB391D738D915CB86
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strstr$fprintfmemset$EnvironmentVariablefopenstrlenstrncpy
                                                                                                                                                • String ID: Version:%s$--l4j-debug$--l4j-debug-all$3.9$CmdLine:%s %s$debug$debug-all$j.lo$nch4
                                                                                                                                                • API String ID: 1991431792-3923029096
                                                                                                                                                • Opcode ID: a285fad08061a693a5248468f59be63a75b3341ece323a7797179705ea493636
                                                                                                                                                • Instruction ID: 60ffc86f505bfdbbbba3efb310094abc59b8358325a5033e9b193ab27e218064
                                                                                                                                                • Opcode Fuzzy Hash: a285fad08061a693a5248468f59be63a75b3341ece323a7797179705ea493636
                                                                                                                                                • Instruction Fuzzy Hash: AA411DB49083059BC710AF6AC58056EFBE5EF84754F01C83FE989AB391D738D851DB8A
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                • Resource %d:%s, xrefs: 00405D11
                                                                                                                                                • -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre, xrefs: 00405C13, 00405C2F, 00405CAE, 00405CCA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$strcatstrlenstrstr$ErrorFindLastLoadLockmemsetstrchrstrcpy
                                                                                                                                                • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre$Resource %d:%s
                                                                                                                                                • API String ID: 782867121-196463637
                                                                                                                                                • Opcode ID: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                                                                                • Instruction ID: d40fd4806269129820aebf3143e2994a5f350a870bc7b93ef3ae692e42a163e9
                                                                                                                                                • Opcode Fuzzy Hash: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                                                                                • Instruction Fuzzy Hash: E6414DB0908B019AE714AF29C54432BBAE5EF45704F01C87FE589A73C2D73D88958F9B
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strstr$Open$CloseQueryValuestrchrstrrchr
                                                                                                                                                • String ID: HKEY$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS
                                                                                                                                                • API String ID: 356245303-4236897492
                                                                                                                                                • Opcode ID: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                • Instruction ID: 2ae7df6790b6f1853f37995f78c893f74154cd1711da3b843cecc37fcb260c67
                                                                                                                                                • Opcode Fuzzy Hash: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                • Instruction Fuzzy Hash: 2B414FB5D087069BDB00EF69C98425EFBE1BF84314F05883FE988A7381D77899448B96
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Working dir:%s, xrefs: 00403CBF
                                                                                                                                                • Resource %d:%s, xrefs: 00403CFD
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 00403BCC
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$fprintfmemset$CurrentDirectoryErrorFindLastLoadLock_chdirstrcatstrlenstrncpy
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$Resource %d:%s$Working dir:%s
                                                                                                                                                • API String ID: 422477114-958256636
                                                                                                                                                • Opcode ID: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                • Instruction ID: 349f221890d6d40fe71c0e96cafd37487ebf52b12bf3dfd57c186abffd885e97
                                                                                                                                                • Opcode Fuzzy Hash: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                • Instruction Fuzzy Hash: B1416BB19087119BE700AF29D58135EBFE4EF84344F01883EE989A7381D7389994CB8A
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • 1.8.0, xrefs: 00404051
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                • Resource %d:%s, xrefs: 0040428D
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 004041AC
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintfstrcpy
                                                                                                                                                • String ID: 1.8.0$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)
                                                                                                                                                • API String ID: 1856142485-556381628
                                                                                                                                                • Opcode ID: d297cc4e5c952a856f3d68dfdf06d37a651345b527a0279046be52caef7b7906
                                                                                                                                                • Instruction ID: 209fe916da85df5c911ae4276ce2f96064c2a1019c36ad74d5d97ab76ae223e1
                                                                                                                                                • Opcode Fuzzy Hash: d297cc4e5c952a856f3d68dfdf06d37a651345b527a0279046be52caef7b7906
                                                                                                                                                • Instruction Fuzzy Hash: A8513AB0A083059BD704AF65D54436EBBE1ABC4304F01C87EE989AB3D2D77D9C919B4A
                                                                                                                                                APIs
                                                                                                                                                • memset.MSVCRT ref: 00405211
                                                                                                                                                • memset.MSVCRT ref: 00405228
                                                                                                                                                • FindResourceExA.KERNEL32(?,00000000,?), ref: 00405250
                                                                                                                                                • LoadResource.KERNEL32(?,?,?,00406514), ref: 0040526D
                                                                                                                                                • LockResource.KERNEL32(?,?,?,?,?,00406514), ref: 0040527C
                                                                                                                                                • fprintf.MSVCRT ref: 004052C8
                                                                                                                                                • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                                                                                • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                                                                                • strchr.MSVCRT ref: 00405316
                                                                                                                                                • fprintf.MSVCRT ref: 0040535A
                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$fprintfmemset$EnvironmentErrorFindLastLoadLockVariablestrchrstrtok
                                                                                                                                                • String ID: Resource %d:%s$Set var:%s = %s
                                                                                                                                                • API String ID: 301265589-2172967655
                                                                                                                                                • Opcode ID: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                                                                                • Instruction ID: afa5dd9bf5237a591f145b88366e3ef618c797e9271656589243b0a106b18b75
                                                                                                                                                • Opcode Fuzzy Hash: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                                                                                • Instruction Fuzzy Hash: DA4138B0A087019BD710AF2AD58035FBBE4EF88340F41C87EE489A7391D738D9559F9A
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004050F1
                                                                                                                                                • appendToPathVar failed., xrefs: 00405186
                                                                                                                                                • Error:%s, xrefs: 0040518B
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strlen$EnvironmentVariablememset$fprintfstrcatstrcpy
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Error:%s$appendToPathVar failed.
                                                                                                                                                • API String ID: 495583820-990358033
                                                                                                                                                • Opcode ID: 1bd0987b0e2fc78d473a59205c3eea85c459be8ceac31c8754d4a8f2c5af2878
                                                                                                                                                • Instruction ID: f6e45bb88e98a1b81569ded4109919bd0ed7862b498e3da174d31cb25c7df640
                                                                                                                                                • Opcode Fuzzy Hash: 1bd0987b0e2fc78d473a59205c3eea85c459be8ceac31c8754d4a8f2c5af2878
                                                                                                                                                • Instruction Fuzzy Hash: 232161B5A087109AD710AF2AD44016FBBE5EFC4704F42C43FE489AB391D73C88528B8A
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$ErrorLastfprintf$CreateFindLoadLockMutexmemset
                                                                                                                                                • String ID: Error:%s$Instance already exists.$Resource %d:%s
                                                                                                                                                • API String ID: 1676011544-3441027790
                                                                                                                                                • Opcode ID: 5d703d892fcee4d035bb5678ce239c4aadbc0211198db526eb703aee52715d62
                                                                                                                                                • Instruction ID: 63ebb8a2186d1c087548a531fdd3118c811b0fdf88078b365d510e972c39d1b2
                                                                                                                                                • Opcode Fuzzy Hash: 5d703d892fcee4d035bb5678ce239c4aadbc0211198db526eb703aee52715d62
                                                                                                                                                • Instruction Fuzzy Hash: 7E414F70A083059BDB14EF39D58135ABBE4AB84344F00C87EE48EE73C1E678D9959F56
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: memset$CloseOpenQueryValuestrcatstrcpystrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$JavaHome$jre
                                                                                                                                                • API String ID: 2991842512-1900418546
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 004041AC
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$fprintf$ErrorFindLastLoadLockatoistrcpy
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Runtime used:%s (%s-bit)
                                                                                                                                                • API String ID: 440416407-1683018420
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CloseQueryValuememsetstrcatstrcpystrlen
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$JavaHome$jre
                                                                                                                                                • API String ID: 2049115317-1900418546
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintf
                                                                                                                                                • String ID: Resource %d:%s$`O@
                                                                                                                                                • API String ID: 2193512306-2494596910
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$atoi$ErrorFindLastLoadLockfprintf
                                                                                                                                                • String ID: Resource %d:%s
                                                                                                                                                • API String ID: 1405122715-3770364717
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                                                                                • String ID: Resource %d:%s$true
                                                                                                                                                • API String ID: 2300709556-1650570159
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                                                                                • String ID: IsWow64Process$WOW64:%s$yes
                                                                                                                                                • API String ID: 24026888-2072328098
                                                                                                                                                Similarity
                                                                                                                                                • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                                                                                • String ID: IsWow64Process$WOW64:%s$yes
                                                                                                                                                • API String ID: 24026888-2072328098
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                • -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre, xrefs: 00405CAE, 00405CCA
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strstr$ErrorLaststrcatstrchrstrcpystrlen
                                                                                                                                                • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre
                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: KillMessagePostQuitTimer$CodeEnumExitProcessShowWindowWindows
                                                                                                                                                • String ID:
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                                                                                • String ID: Resource %d:%s
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strlen$_itoafprintfstrcat
                                                                                                                                                • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: fopenmemsetstrlenstrncpy
                                                                                                                                                • String ID: j.lo$nch4
                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: signal
                                                                                                                                                • String ID:
                                                                                                                                                APIs
                                                                                                                                                Similarity
                                                                                                                                                • API ID: EnvironmentVariablestrlen$memsetstrcat
                                                                                                                                                • String ID:
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strcatstrlen
                                                                                                                                                • String ID: bin\java.exe$bin\javaw.exe
                                                                                                                                                APIs
                                                                                                                                                • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                                                                                • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                                                                                • strchr.MSVCRT ref: 00405316
                                                                                                                                                  • Part of subcall function 00403100: memset.MSVCRT ref: 00403136
                                                                                                                                                  • Part of subcall function 00403100: memset.MSVCRT ref: 00403151
                                                                                                                                                  • Part of subcall function 00403100: strchr.MSVCRT ref: 0040316C
                                                                                                                                                  • Part of subcall function 00403100: strchr.MSVCRT ref: 0040318A
                                                                                                                                                  • Part of subcall function 00403100: strncat.MSVCRT ref: 004031AF
                                                                                                                                                  • Part of subcall function 00403100: strncat.MSVCRT ref: 004031D5
                                                                                                                                                  • Part of subcall function 00403100: strlen.MSVCRT ref: 004031EB
                                                                                                                                                  • Part of subcall function 00403100: strstr.MSVCRT ref: 0040327E
                                                                                                                                                • fprintf.MSVCRT ref: 0040535A
                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strchr$memsetstrncat$EnvironmentErrorLastVariablefprintfstrlenstrstrstrtok
                                                                                                                                                • String ID: Set var:%s = %s
                                                                                                                                                • API String ID: 3263537496-1184643595
                                                                                                                                                APIs
                                                                                                                                                • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                                                                                • strlen.MSVCRT ref: 0040201F
                                                                                                                                                • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                                                                                • fprintf.MSVCRT ref: 004020A9
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FormatFreeLocalMessagefprintfstrcatstrlen
                                                                                                                                                • String ID: An error occurred while starting the application.
                                                                                                                                                • API String ID: 863393273-2110520379
                                                                                                                                                APIs
                                                                                                                                                • memset.MSVCRT ref: 004012F4
                                                                                                                                                  • Part of subcall function 004020C0: FindResourceExA.KERNEL32(?,?,?,00401888), ref: 004020EF
                                                                                                                                                  • Part of subcall function 004020C0: LoadResource.KERNEL32 ref: 00402108
                                                                                                                                                  • Part of subcall function 004020C0: LockResource.KERNEL32 ref: 00402117
                                                                                                                                                • FindWindowExA.USER32 ref: 0040132A
                                                                                                                                                • GetWindowTextA.USER32 ref: 00401350
                                                                                                                                                • strstr.MSVCRT ref: 0040135F
                                                                                                                                                • FindWindowExA.USER32 ref: 0040137F
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: FindResourceWindow$LoadLockTextmemsetstrstr
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 1871962372-0
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 00402F90
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: fprintfstrcpy
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$Runtime used:%s (%s-bit)
                                                                                                                                                • API String ID: 1458319006-2880213405
                                                                                                                                                APIs
                                                                                                                                                Strings
                                                                                                                                                • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                                                                                • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 00402F90
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: fprintfstrcpy
                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$Runtime used:%s (%s-bit)
                                                                                                                                                • API String ID: 1458319006-2880213405
                                                                                                                                                APIs
                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32 ref: 00403717
                                                                                                                                                  • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 00403440
                                                                                                                                                  • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040345C
                                                                                                                                                  • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040346B
                                                                                                                                                  • Part of subcall function 004033F0: fprintf.MSVCRT ref: 004034B3
                                                                                                                                                  • Part of subcall function 004033F0: atoi.MSVCRT ref: 004034C3
                                                                                                                                                  • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 004034FE
                                                                                                                                                  • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040351B
                                                                                                                                                  • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040352A
                                                                                                                                                  • Part of subcall function 004033F0: fprintf.MSVCRT ref: 00403573
                                                                                                                                                  • Part of subcall function 004033F0: atoi.MSVCRT ref: 00403583
                                                                                                                                                  • Part of subcall function 004033F0: strcat.MSVCRT(?), ref: 0040361A
                                                                                                                                                  • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403622
                                                                                                                                                  • Part of subcall function 004033F0: _itoa.MSVCRT ref: 00403639
                                                                                                                                                  • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403641
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                • Associated: 00000002.00000002.1899179253.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899679837.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899744949.0000000000412000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                • Associated: 00000002.00000002.1899806584.0000000000414000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_install.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID: Resource$FindLoadLockatoifprintfstrlen$GlobalMemoryStatus_itoastrcat
                                                                                                                                                • String ID: -Xms$-Xmx$@
                                                                                                                                                • API String ID: 2157757142-2676391021
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: CodeEnumExitKillMessagePostProcessQuitTimerWindows
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 405088690-0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: HandleModule
                                                                                                                                                • String ID: Laun$ch4j
                                                                                                                                                • API String ID: 4139908857-52159806
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000002.00000002.1899247779.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                Similarity
                                                                                                                                                • API ID: strlen$strchrstrncpy
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID: 4793283-0
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000003.00000003.1951924804.000000001701B000.00000004.00000020.00020000.00000000.sdmp, Offset: 1701B000, based on PE: false