Windows Analysis Report
PWMinderInstaller-3.3.1.1.msi

Overview

General Information

Sample Name:	PWMinderInstaller-3.3.1.1.msi
Analysis ID:	752911
MD5:	9661ec2a8a20c92f691e50cd91750a1d
SHA1:	092ee11b9c2805f808e0a072c5db1cced5648418
SHA256:	d621d35135fe84d33a85da02b68dd2e327cd01d6185b0cddda98042259c2da0c
Infos:

Detection

Score:	13
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Creates autostart registry keys to launch java

Drops files with a non-matching file extension (content does not match file extension)

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Adds / modifies Windows certificates

Drops PE files

Tries to load missing DLLs

Deletes files inside the Windows folder

Drops PE files to the windows directory (C:\Windows)

Creates files inside the system directory

Binary contains a suspicious time stamp

Stores files to the Windows start menu directory

Checks for available system drives (often done to infect USB drives)

Found dropped PE file which has not been started or loaded

Classification

Signatures

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\README.txt

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{057BD86F-54F3-343C-AD7C-A5491C1BF591}

Jump to behavior

Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: keytool.pdb source: keytool.exe.1.dr
Source:	Binary string: j2gss.pdb source: j2gss.dll.1.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source:	Binary string: rmi.pdb source: rmi.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-2-0.pdb source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: keytool.pdb source: keytool.exe.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: nio.pdb source: nio.dll.1.dr
Source:	Binary string: nio.pdb** source: nio.dll.1.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: api-ms-win-crt-string-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-2-0.pdbGCTL source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

PE file does not import any functions

Source: api-ms-win-core-handle-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: API-MS-Win-core-xstate-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr	Static PE information: No import functions for PE file found

Tries to load missing DLLs

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIFF0F.tmp

Jump to behavior

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\63e8f7.msi

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PWMinderInstaller-3.3.1.1.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 483844CA7CD225D329998D5B1C5B7780 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BD76792E804F7BE88D040374A60ADC55
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 483844CA7CD225D329998D5B1C5B7780 C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BD76792E804F7BE88D040374A60ADC55	Jump to behavior

Source: PWMinderInstaller-3.3.1.1.msi

Static file information: TRID: Microsoft Windows Installer (77509/1) 63.77%

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\PWMinder

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\Public\Desktop\PWMinder.lnk

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\MSIBC68.tmp

Jump to behavior

Source: nio.dll.1.dr

Binary string: java/net/PortUnreachableExceptionWSARecv failedWSASend failedLjava/io/FileDescriptor;fdshould never call map on platform where MAP_SYNC is unimplementedMap failedUnmap failedSetFilePointerEx failedtransfer failedInvalid handleRead failedSeek failedWrite failedForce failedTruncation failedSize failedLock failedRelease failedClose failedDuplicateHandle failedDirectIO setup failedJdwVolumeSerialNumbernFileIndexHighnFileIndexLowGetFileInformationByHandle failedjava/io/FileDescriptorIhandleRead/write failedrecv failedsend failedsun/nio/ch/Iocp$CompletionStatuserrorbytesTransferredcompletionKeyoverlappedCreateIoCompletionPort failedGetQueuedCompletionStatus failedPostQueuedCompletionStatusFlush failedjava/net/InetSocketAddress(Ljava/net/InetAddress;I)V<init>socketfastLoopbackbindlistenconnectAccept failedgetsocknameshutdowngetsockoptConnection resetsun/net/ConnectionResetExceptionVector read failedConnection reset by peerVector write failedSocket close failedUnix domain path not presentjava/net/SocketExceptionUnix domain path too longepoll_create1 failedepoll_wait failedReadFile failedWriteFile failedLockFile failedsocket failedWSAIoctl failedAcceptEx failedclosesocket failedConnectEx failedshutdown failed(I)Vsun/nio/fs/WindowsExceptionsun/nio/fs/WindowsNativeDispatcher$FirstFileLjava/lang/String;nameattributessun/nio/fs/WindowsNativeDispatcher$FirstStreamsun/nio/fs/WindowsNativeDispatcher$VolumeInformationfileSystemNamevolumeNamevolumeSerialNumberflagssun/nio/fs/WindowsNativeDispatcher$DiskFreeSpacefreeBytesAvailabletotalNumberOfBytestotalNumberOfFreeBytesbytesPerSectorsun/nio/fs/WindowsNativeDispatcher$Accountdomainusesun/nio/fs/WindowsNativeDispatcher$AclInformationaceCountsun/nio/fs/WindowsNativeDispatcher$CompletionStatusUnable to allocate LUID structureGetFullPathNameW failednative memory allocation failureGetFinalPathNameByHandleW failedSelect failed\Device\Afd\Wepollntdll.dllNtCancelIoFileExNtCreateFileNtCreateKeyedEventNtDeviceIoControlFileNtReleaseKeyedEventNtWaitForKeyedEventRtlNtStatusToDosError

Source: classification engine

Classification label: clean13.winMSI@6/240@0/0

Source: C:\Windows\System32\msiexec.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Automated click: Next
Source: C:\Windows\System32\msiexec.exe	Automated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exe	Automated click: Next
Source: C:\Windows\System32\msiexec.exe	Automated click: Next
Source: C:\Windows\System32\msiexec.exe	Automated click: Next
Source: C:\Windows\System32\msiexec.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: PWMinderInstaller-3.3.1.1.msi

Static file information: File size 73277440 > 1048576

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{057BD86F-54F3-343C-AD7C-A5491C1BF591}

Jump to behavior

Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: keytool.pdb source: keytool.exe.1.dr
Source:	Binary string: j2gss.pdb source: j2gss.dll.1.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source:	Binary string: rmi.pdb source: rmi.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-2-0.pdb source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source:	Binary string: keytool.pdb source: keytool.exe.1.dr
Source:	Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source:	Binary string: nio.pdb source: nio.dll.1.dr
Source:	Binary string: nio.pdb** source: nio.dll.1.dr
Source:	Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: api-ms-win-crt-string-l1-1-0.dll.1.dr
Source:	Binary string: api-ms-win-core-console-l1-2-0.pdbGCTL source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source:	Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr

Binary contains a suspicious time stamp

Source: MSIC0BF.tmp.0.dr

Static PE information: 0xB3CB4BA4 [Sun Aug 2 13:20:36 2065 UTC]

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICON

Jump to dropped file

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFF0F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSIC0BF.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\klist.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\jli.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\nio.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\java.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\zip.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\awt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\dna.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\ucrtbase.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSIBC68.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICON	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\PWMinder.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\java.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\verify.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIFF0F.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICON			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\README.txt

Jump to behavior

Boot Survival

Creates autostart registry keys to launch java

Source: C:\Windows\System32\msiexec.exe

Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED66DB19D083C1D35872AAF3CA720EDE F68DB7503F45C343DAC75A94C1B15F19 C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exe

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWMinder Desktop			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWMinder Desktop\PWMinder.lnk			Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\management.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\klist.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jli.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\nio.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\java.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\zip.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\awt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\dna.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICON	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\PWMinder.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\java.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\verify.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Adds / modifies Windows certificates

Source: C:\Windows\System32\msiexec.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\63e8f8.rbs	data	ED6EBDB3C6E3EA2AA0C86E8D460F8B09	9B5FC0A522DA5F75E0CBE1E3C73CBCD02EF9963C	452DB483B257F63390FF7D31C0E48EFA2F727515F5289EBAB3709B5F88372AFE
C:\Program Files (x86)\PWMinder\PWMinder.exe	PE32 executable (GUI) Intel 80386, for MS Windows	70A3C9C307218D28ADA05803643C2B10	A105753F73D5068DC6416E533AB2E51BF23A2060	1499B9DCD5B223A2BFEE521FC9FDC4C440E60286C54AC631D3DA9575CD787932
C:\Program Files (x86)\PWMinder\PWMinder.ico	MS Windows icon resource - 10 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel	2F6FC0D077719768CBF4E665E87B2AAD	C0147734DEFD436D780DCB0CEA0B72B291D671A8	4C6F8D73849A354FDB1D89FD93BDF83C7EE5DA2605CCE4AF3849DE1C9C8D5E3C
C:\Program Files (x86)\PWMinder\app\EaSynthLookAndFeel.jar	Java archive data (JAR)	AB9DACE5C381013951A6036E74BBD28D	39A722F6FF96E8C9C0A11629B16E51BAFCDC4B75	F91E89A2B4FD70F081442D13F1E0E6541801EDCF6CCF3AFC7F0993175B0765B1
C:\Program Files (x86)\PWMinder\app\LGoodDatePicker-11.2.1.jar	Java archive data (JAR)	DA308F9FB736857875F1A8986813A089	D4FE83557D1E38CB0F1EC29B867C3A59FC0DFC1D	2FA8252F3292286376A32B5494F72890EC6A2DF85E36D295960098D8DD5F8092
C:\Program Files (x86)\PWMinder\app\PWMinder-3.3.1.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	3A948CAAAFB31D4F8785CB32D8A159CA	472D09688B73A5D980DE71CF14726BB5EBD59B81	C37DA7828BD3A368284E43C151EF862726FBA446E55CAED1BB37876617B93A4C
C:\Program Files (x86)\PWMinder\app\PWMinder.cfg	Generic INItialization configuration [JavaOptions]	35129E80446AE0A27B0D017C04B730F9	F50F14155297058CB02A540C6078C7EA14A8FE79	9400A089252C669EF2F12075D7B557C445DD3C8EFE42F61D7CAB0F151A583E00
C:\Program Files (x86)\PWMinder\app\bcprov-ext-jdk15on-1.60.jar	Java archive data (JAR)	C80A49D3E1075C44923570EAC95DE3D7	0FAEA4C950BBFA6E8882830F0266BC9185755D37	2D927919BF4AD006174D4E9B490B795C557F8A66F62F07A18E7C4D50A48D3E51
C:\Program Files (x86)\PWMinder\app\bcprov-jdk15on-1.60.jar	Java archive data (JAR)	435FF931AF9ED4430D2A27456B0386B2	BD47AD3BD14B8E82595C7ADAA143501E60842A84	7F1A0E6BADAB38666F8467A9A0EE96656B2F8EC8623867ED34F3CDC173B7EE07
C:\Program Files (x86)\PWMinder\app\commons-codec-1.15.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	303BAF002CE6D382198090AEDD9D79A2	49D94806B6E3DC933DACBD8ACB0FDBAB8EBD1E5D	B3E9F6D63A790109BF0D056611FBED1CF69055826DEFEB9894A71369D246ED63
C:\Program Files (x86)\PWMinder\app\commons-httpclient-3.1.jar	Java archive data (JAR)	8AD8C9229EF2D59AB9F59F7050E846A5	964CD74171F427720480EFDEC40A7C7F6E58426A	DBD4953D013E10E7C1CC3701A3E6CCD8C950C892F08D804FABFAC21705930443
C:\Program Files (x86)\PWMinder\app\commons-io-2.11.0.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	3B4B7CCFAECEEAC240B804839EE1A1CA	A2503F302B11EBDE7EBC3DF41DAEBE0E4EEA3689	961B2F6D87DBACC5D54ABF45AB7A6E2495F89B75598962D8C723CEA9BC210908
C:\Program Files (x86)\PWMinder\app\commons-lang3-3.12.0.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	19FE50567358922BDAD277959EA69545	C6842C86792FF03B9F1D1FE2AAB8DC23AA6C6F0E	D919D904486C037F8D193412DA0C92E22A9FA24230B9D67A57855C5C31C7E94E
C:\Program Files (x86)\PWMinder\app\commons-logging-1.2.jar	Zip archive data, at least v1.0 to extract, compression method=store	040B4B4D8EAC886F6B4A2A3BD2F31B00	4BFC12ADFE4842BF07B657F0369C4CB522955686	DADDEA1EA0BE0F56978AB3006B8AC92834AFEEFBD9B7E4E6316FCA57DF0FA636
C:\Program Files (x86)\PWMinder\app\custom-components-2.0.0.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	84F46F40503F335D3953F87387EC8162	001B49ED5DE13C651C8DCD3CC8AF3DB17AF6E863	0B22A5A3A9E8F54BA71A59DF04E162C976BFF084E40400AB4BBFD51437255B6E
C:\Program Files (x86)\PWMinder\app\dropbox-core-sdk-5.4.4.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	245C7EF06C51700DA9C46B9974B2A2EF	9BEA02CD9388B3B3E084CD9A919A8937ABFA02EB	BE5D859649F08C58E0D8B724A5BCEBF561C343ADF01D5227BFD1493B7D599E7B
C:\Program Files (x86)\PWMinder\app\flatlaf-2.6.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	8C4F71BF62708FA7881B82C62579824F	4DD2BA228E3C57EB3D80E3927B5A6A33265EB69B	6A897CAC19C4F48B22884A21A7DDCBFA47C7FDA266DBA69804A6F847AB9E97C8
C:\Program Files (x86)\PWMinder\app\flatlaf-jide-oss-2.6.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	342238D042F12709E30FC25D7EEF48A0	6F4D2197B9105A1917C2E0EB72E3EEA19FE90699	711080466C977302AB3D9523F933CD25B753EA9547CFF114C88D0BEDFA6F8E4D
C:\Program Files (x86)\PWMinder\app\gson-2.9.1.jar	Zip archive data, at least v1.0 to extract, compression method=store	0D507D266DCF7EEA4B53FC3778D901C9	02CC2131B98EBFB04E2B2C7DFB84431F4045096B	378534E339E6E6D50B1736FB3ABB76F1C15D1BE3F4C13CEC6D536412E23DA603
C:\Program Files (x86)\PWMinder\app\httpclient-4.5.13.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	40D6B9075FBD28FA10292A45A0DB9457	E5F6CAE5CA7ECAAC1EC2827A9E2D65AE2869CADA	6FE9026A566C6A5001608CF3FC32196641F6C1E5E1986D1037CCDBD5F31EF743
C:\Program Files (x86)\PWMinder\app\httpcore-4.4.15.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	BE7C67929DF007FCAC6C8EFF5322D3A0	7F2E0C573EAA7A74BAC2E89B359E1F73D92A0A1D	3CBAED088C499A10F96DDE58F39DC0E7985171ABD88138CA1655A872011BB142
C:\Program Files (x86)\PWMinder\app\jackson-core-2.7.9.jar	Java archive data (JAR)	F5D0DFE03814113D792E75E885699640	09B530CEC4FD2EB841AB8E79F19FC7CF0EC487B2	BD90721420BB899A974ED09A107FEF42CA8CC7C8E055762F6C81576132E5BBC5
C:\Program Files (x86)\PWMinder\app\jasypt-1.9.3.jar	Zip archive data, at least v1.0 to extract, compression method=store	39327C7E38782102ECDB3C9DC4E8DCD3	0D99EF9540F51C617F2A293B460F025D2EE563DD	F481FBB8DD8CE754BFDE7552AF4FCBE8C5E303D53663BB3D8CE9D4338E0E55AA
C:\Program Files (x86)\PWMinder\app\javax.activation-1.2.0.jar	Zip archive data, at least v1.0 to extract, compression method=store	BE7C430DF50B330CFFC4848A3ABEDBFB	BF744C1E2776ED1DE3C55C8DAC1057EC331EF744	993302B16CD7056F21E779CC577D175A810BB4900EF73CD8FBF2B50F928BA9CE
C:\Program Files (x86)\PWMinder\app\jaxen-1.1.6.jar	Java archive data (JAR)	A140517286B56EEA981E188DCC3A13F6	3F8C36D9A0578E8E98F030C662B69888B1430AC0	5AC9C74BBB3964B34A886BA6B1B6C0B0DC3EBEEBC1DC4A44942A76634490B3EB
C:\Program Files (x86)\PWMinder\app\jdom2-2.0.6.1.jar	Java archive data (JAR)	5BE72710C66F3C9BA71F8009E92597D1	DC15DFF8F701B227EE523EEB7A17F77C10EAFE2F	0B20F45E3A0FD8F0D12CDC5316B06776E902B1365DB00118876F9175C60F302C
C:\Program Files (x86)\PWMinder\app\jgoodies-common-1.8.1.jar	Java archive data (JAR)	7E6BC1CD169E4F78D9529AF34A876F00	DFFC159CF71BDE5DCBB65916305684F6B43D45B1	DDCA10C16E1DC7A1B399C14580F0AAE23014851E57D224CB96C260E6D649D2AD
C:\Program Files (x86)\PWMinder\app\jgoodies-looks-2.7.0.jar	Java archive data (JAR)	F6F746EE51C49A2D91E30BDFC8043443	7679705B2D036267407138983611A4DD3EC9B72C	D7DFB4D041C28EAE836AA0910C91C1B95B29C28E833200D2EF6D311FA66B4C6D
C:\Program Files (x86)\PWMinder\app\jide-oss-3.7.12.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	DF5B14FC6E71FD1D925DAB22AA720E61	D2909BECA24844D0E073226C8C9732C5F39A2B5F	C22DA104E865657FEE24A8EF739A4827545C73132DCF3D584E9551D80DFBD82F
C:\Program Files (x86)\PWMinder\app\jnr-11.jar	Java archive data (JAR)	CC98F540F89DDFEBE6C62A7ACB9290DD	F31579BDC6535D7BA6004F503AB08DA8D1FC874E	2108C31568860783F13097449356DA945504B92A62AFCE2198558094B5B9659E
C:\Program Files (x86)\PWMinder\app\log4j-api-2.19.0.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	A7F8FC9751CDAA237A1E18059B4887DA	EA1B37F38C327596B216542BC636CFDC0B8036FA	5CCB24AD9F92E768D0BC456D3061A737951262DF803E004D2CAD096B75A88D60
C:\Program Files (x86)\PWMinder\app\log4j-core-2.19.0.jar	Zip archive data, at least v1.0 to extract, compression method=deflate	B7F521926226A16531F8E212B1DA1FFD	3B6EEB4DE4C49C0FE38A4EE27188FF5FEE44D0BB	B4A1796FAB7BFC36DF015C1B4052459147997E8D215A7199D71D05F9E747E4F4
C:\Program Files (x86)\PWMinder\app\miglayout-core-11.0.jar	Java archive data (JAR)	F0FA213B9170E80B1A5DFD09AF0CAE3F	99ECF243C6A64A038A568DBF8421928DB9B5C3B2	812B9C8A8F326098A43EB9550229DD31100C49F81680EECDF6649DA423F0BE9F
C:\Program Files (x86)\PWMinder\app\miglayout-swing-11.0.jar	Java archive data (JAR)	178B0CF219E824DD7BFFF4F63B838557	EA244BE3C4A16C541413C4FEBDEE539B348C744B	7AA9DA079E0ED628A3672F8DDD1B6B05A5A3EC27639F82370956748943989BA6
C:\Program Files (x86)\PWMinder\app\not-going-to-be-commons-ssl-0.3.20.jar	Zip archive data, at least v1.0 to extract, compression method=store	327A7CCFCBF2D5BD032634B8BDEAA83A	7502C294B7FEA7ABBD171A7DF15FED3BDB1E368C	0E748E762AAB3FC692BBAC984633668FF28C17CAB0671F0425F85DE81819C34D
C:\Program Files (x86)\PWMinder\app\swingx-all-1.6.5-1.jar	Zip archive data, at least v1.0 to extract, compression method=store	8F978C9184E5864EA90914052A781B1D	1EA704CD8779F8DF8A3D345EE1344239E7774D52	2A4F82979CD16D8F1C9EEA232A985DFF62BF69C4794A37B96099B20D322907C0
C:\Program Files (x86)\PWMinder\app\vappearances-3.jar	Java archive data (JAR)	0836FA7BB3668541FA31AF46356CF18F	1D3367522A1C8269489C8CB4E709E7BD75C83F78	F8E5B21D63C35F70E431A118F446D04EA6524D9C6677E4A0389DC8CB72FD2BB1
C:\Program Files (x86)\PWMinder\app\vaqua-10.jar	Java archive data (JAR)	B8C6865DFF79053CA7F510AD55B921E3	52A66177B7B03C81CF638EBDFA1F91BF5639C1A4	7B86606C5F4C765B36328530BDD27F9C7996D0D2B76B566328510013CC787312
C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	DEFC34FAA61630DB1218170F389788AB	B6445CA0759B5D37D3341B4F760378BB17A09783	044CC370D38456DE51D85AED25681AE40240DCB5CB2F809B681EF6FD1866B90B
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	13FE5561EB3DB2CED126B79B79790799	384D673742AA451827F208DC05BECDF9958ACA85	6BE5B5755C8C864096279FF311E3B0A77865E0AA7C6FFC6E6CE2622C789E43B1
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	CE582E3A15CB6776599A8AAE328831AD	71989C59B61A97C365AAD70DB69BBF6BDEE99552	986A6C94776691DCC162D0AD49788C85E39BA255406CDDB42826FD98F12B4ECB
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	75D6DB7F779C887EE80962C18A411500	B76F21B4F8BC6D6F99F659CAF3A45E1C62E83B51	51EAAAB1E5955DEDB71E27E77F8BAE0F960969487D115C53F38955ED7F34935F
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	FE7E3A0FE5CD4D960B208DB3F19F1945	13B5186FC3147DC9CC42648A265BD782E7BB6300	6CE67FA67155EC601F42FEACD7FAF91A7DD9BD81070A5BCCF0BD12B4D8563B83
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	91E6C1406BD499FF4B941D133D1898AF	4C9D0DAE41E235CD85C5665E42DBE92BE4FF9AB6	BCCAD347EFCCC5E791929E30DC3ABAFAAB636CDCF23A7B68F3DEED016DD32083
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2ABB9BC8F00A5AD6EF2D6E4BE2B14ECF	51F1B7673FB63681809F8F69868A17076FF08C52	D151BECE745A4749C3C117DB0DFB61CCB2E2742C72D9B0F1DB49E70EE0239DD3
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	070EFDCECB04C8CC7E1A8DED9A220940	5DF40DB56A5A60FB24E15D65A50780AE70200496	A4C20AFE0F39CC27BBD55F98F94057CA8FD2BA72B920FE0F70F0742B26559D76
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	6E4AF6C8B50295CE9D2C7C89F6827334	86154197AE4765B638F884B47527C800C37D9CB8	BE76CE72975A4E917325DB17410E50EC006BCD95432197370E601DC00E81444A
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	47B4DF281BE629B8823AE65946C51479	B2D0E2762FFBF1668AD059DDC3BC3404D9130465	B2BFA9DE580940824B81A96067D5715A14638F93F18EBDC9182A1DEEC3443CE8
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	3C8648161E4FBF415E888626EB927957	485BDA61BCEB014B3E7818E98C4642A87CF1BAE3	E02506F98B4561BB3F6C07C6D9927649AD2FA7BFCB3174A5BEA29861739B6C55
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5EC595F2EBECD32B35AD2DFB2822EC73	03766443ED42646761B5B194C402B8123C22D876	D5F66804C31B26E79619601B87D313B55B7F7B94870622BB04F7C0AADA8678AE
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	0BDC5D21A0F3A13FFA5C88A939C8C94C	54A9BBBAF4062B7DABEE866CDD3AE49DB8BA0255	B7BAAD7A6A3CF241CC00AFA0D126E68C1B0E42CC563335F74372C323CFEFD4A7
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	05C848C3D74ABCF7443A05780EA3AB92	102038B6E371D38E4CFED0DB8AB8B6FDACE3F0BE	96849368DD248502827EF59EAB2E7F070C7A2D245261F4124C2B8AB10870FA4B
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	1F41511531BBF040F80DCEBE78155894	22B2DCA8C6F4BC1AC7E6C47E23B895DFC185B9D6	D4A2127300B6AF2E0DABE99BA7D72E6C852800666BD0E8C157553EBD43BB9BDA
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8B0AD9B09637E82720831A1D569068A0	ACAE75F37ACB33DF2A72DCA33DEEC3CA5A0A4914	F2965D9123AEF9C8BD49200C1F07E8E9E0B829134E5B83AF6EED92CC83B8AE35
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	80B207D4C097E89089DB871218FF1E61	0D8E9F07452520C52D931B6C7C6926C44DF292DA	90645C3729039D54191FA7E17E520A38B2EE7110AE541385D8F3231DB57D5855
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4CE2581038D217453CDCD11F082F9A52	1F47B61805881C9B3BCE0D954ECA9A6AF34F83BC	CF49C84BF62726928F5F75C4D08E2BFF74B5DBE710C8E914EA26104BCBED2302
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	CE3240C6D2768D60B70FFA3D3844B172	DADD22D79FAE4AAFB23BD8131C0DF4899AA5976E	FAED7625C78B6E040AE62B9D37824286724CF6776A2B9BBD728E21F5FFA97852
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	CD7430FFCF4DCB98DF8D78DDCFF1006D	D68E704166581AE79F8E8EB3CF08DBAA29701D86	2F9747A23A0A8BD1C6E70B3BC015DC45F8A9A8EEAAD96CA2302BD3E0C33FE63C
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	700D4B768074DB0C0C3BB6DB65F32B22	6B6014BD328D1F0543BEF7BF0EAA811BD4968BB8	C0AA88C945072BABC04E549B9085EFE483F2EB2F60C66502FA68D956E45334C4
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8CB7321D590EEF0CC48D643D1B9D7C9B	ADD669DDCAF9A23BBF524732C091F71E7E5BFE91	5BA725F1BC75C40D0A5A0A607F843E5C4E86292DC01CE1BEFB86EF46421DBCAD
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	015AE28F41E02E57703882CFC3521765	75FDD3A2AFD413A14B9C47209EE15647EE3F456A	5739D3AABBB19D8985C07284EC7E7F8E9591FCA8D6BEAB4D16B7FF22CA192CB7
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2D219A18F1FE5C5BCAB889BF74817456	97AC747DB3E7BC3ECB2F359894EE0E9C5E4F09B8	AE59BA27E040D2A3651581B2CA3948006B2E70DCDD7DF82243679C38D4980D7A
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	880908BF98C7D3A67998470B3770AF19	E02759642BC39F588C51AEDFE1058F727B95EA53	82B50A82E16B54233B95EC63A8EC99D86844ED115796F60C4B00494C1E15BA26
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	B15827E6DA414B0EAF28983A032CDE60	429647AEC3681BA91FE2944490C212C05CEF5F51	AD14B0E3EB3CE3CFDBA79A68A8064EDB62A11FBE354833345C4AE6126E743907
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4C55353E8F13BBF2DEA1F11CE7D34B79	6EA85FDA4231ED7DC537D0C0DFB36F25CB00A190	3EF9C1B03931B54E98D6426822A634378A64754CB8FB509DF20B8C8072DD8F83
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4E8F314A1FC6A6EF9CAC0B9A0C4A67FC	700A6771D874A96B0B4C287ECE399C98A012B6F1	BBAA4FD9157D92DBE443CB6C9BD51D2E88D1497DC852ADD6B5D06E462FC599C5
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5BABFCDBE7E6A051CBB46E92D2B1D374	9DFEC59A4DAC8F2B428B0E5F680983182C75F9EC	A57A01F9466F3152B17F03A1E66D7D394AEB0EDBE8F9CD8CC49B4334994B831D
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	E28F70E327F9B4926D6484DC1A159C94	FDA05D5E0562083801966B3F962D265A6A8855E2	DABCCCC0F209E83D80024CD063D4E16D2CA2478B483E33DB7CFF40976C3C993C
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	06B191B4F4A1F1FB86BD826AC5F48C2C	B7B454CA07B984FB74C756E60BC4EAE0BC6991A6	6666E2FAE294C82EAE55B33B6C4A61463DCA84C4B411E03326A71FDE333B519D
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	499F30D39C72E8620A30BC4E0C7985EC	D57FE510B27C16FBC11BB2042333894ACB5914E2	A4EE1A6246A4C0612F12901298323612AD4C738429D14075942329CB5AC807DD
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	A77F681BE0EFA335EAFC0C5175CCEDAD	511D3078D142C672FEBF012BED412660F88299A3	434C2CE6CF4E61BB4273C7EFB39565445383CF77A8BEE79C41FFEB5315B6F285
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	0B688C4FCE6D07018D443C1B3BFFB3D0	0F2CF0F20FE7CFAF7F8F27E7AD7D5E1871316756	FB22B002939BB699BFA1F25B3B4C96E71CB5A737183ABC79A03A22C6D517A1A5
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	547E74027B6DB8C65BBEE2707335CDC4	C7CE2446BF4DC38D72EF115BA67086C4F121C7E8	35E617878BF8B927DF3387C5BDAA4BA94309C7AFB0F901C6A53326C3CC97FB15
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5A82F00442E6C0558687E4C8FFE8D00C	98794532EDD7627D8D4EDDD064D314C2681F8E78	559286B7F6B575E7AD881824364D5F1790669917C55EB6AA073DB0B9068AEF78
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	A407FC4E6705A7FFA7CDD8264266FBE4	7DAD59D1A1A626A483E1EAFB839E9859CA99C6F5	BE86CF37B09C08EC4EB3CF7E8403C7BB86EE80441323906D0DDACC884F3C79E4
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	80A4CBB957D7222EE43917B149E93C53	01603F8F1642D624BBA3BD45C5D73D9D10001BE4	C24FDFD9BA4701BFFB2AD840FFE315CD807BEEA6748B97835E0675C35DD13F47
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	898F86B6B29142428E92956F9043FCB5	89970BCA1287CD9A28AF90B1C7E61CFAD6F8D716	7D6F4E5C3AC9DC87FC962F515A0173D75718DA6B6FFCFF4F9255C109E7FE7A18
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	4D46C692A087DAD81BEEC8211F67F4A3	DEA942FF2135EE50FC45861D7D6F9CBD8817316B	DD4A1885415CF5C37471B18FBD9211E0B4887D0456A3320D0213FDDC4209E66D
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C3F7F531A0F4A3BC4DEF8191803336D3	68DCC28EE07004823C1ADDD65C478ADA06A8708E	DCF381E5995FA69E3902A3F49464EC5A35F9E78A55444B24F49717512FD37372
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	AE8E8A8CCDDD31C6E93C23D66CC2C7CE	E49D67BF5B5E5A1B5F2564603AF59523305AD3C1	66E10B3EAFB86BD0B31C3AA494DE64F01B9908B90022D1C6577FD639C337CDD0
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	23555460EB85D497549C959179118690	704E67C82FCD099E36958429EA65C24DBB4728AA	C4073E7FEFDBD189C61F63A6C8AFD169F35E2272B035ED49B6517419CC7114D9
C:\Program Files (x86)\PWMinder\runtime\bin\awt.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	9E24051A4F890EA6CB7ECA4F03873E92	99CD15E873E5FD4687887A998E5BE8186FDCAF39	25701FECC45301E864D0D033A509951E5D1346D53A313495C201222C32B08D4F
C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4561A29E18F3A0D185CE3179C8B59811	410B2874E370B5848A7E74B3FF5F16C68B348BB8	2CC85ECD791D0BB0E9F995322E4BC4C27ADFDEC2F6B555B9F228F429A3D6F281
C:\Program Files (x86)\PWMinder\runtime\bin\dna.dll	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	43A4F194D1BD475DF8BE444A3A541A9E	6AA5591C56186B378654D717890E7A7EF57E2E06	19B75CAFB9A376EA352CB7DB5BCBD7B83D8CC32CFED067D41EFC0167FF0EBB8D
C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	FFFC4D904B2EE6EF06084126EFC54723	3F9E9E5E1B2164AA7D4B80EB52A2FC0E7742D612	BEA9A43B793EE5E9EC1FE3A4A8FB66C70EA27EAF1D340D8CEC65894563CAE45B
C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4A2588F93EFC2DD881FCDA0FDEBC3DA2	BBFE68DB7AA602FCB2EE40B97188509C55C438BF	DEB6FBF34937D6E0AC1ED440394432DCC54414D41BFF541BF461E248C93C037B
C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	688B661C699D297FA91BF1CC9496925D	9736E9A110CC9B2EFF91BF61F714781F519659ED	E906AC8AEEAE701DC610DDB8DD8211C713FE578802E290D0D23744AE23F53EC5
C:\Program Files (x86)\PWMinder\runtime\bin\java.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	ADE0F55D07E461AFF38C5FB4829B2621	66E55A36A1DA7867135FBDED13F2A047F061440D	F2A78836F090A8799A0EAC139E65933AEAAC2EAB6ACC63F9F603B0EC7B279B00
C:\Program Files (x86)\PWMinder\runtime\bin\java.exe	PE32 executable (console) Intel 80386, for MS Windows	61614DAE01803AC917287B511101C3DB	94296ACCF74389FA1CF94108A9E402AE268F8B84	0EB74B638CD964C0B29E6F67B9AA266B0FA9A48352D08419BC1D728369948BA9
C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6AF183D27F44CB749BF55D474F02B33E	E253EC96F965CCFC853A4BFBADDF430EC06BA3A2	A3CF0A3171B2036292CF23DD923E8576CDA893251D5FD899C5F742FCBFB62509
C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exe	PE32 executable (GUI) Intel 80386, for MS Windows	777CAC3523828605EE329E372AFA9570	C1EFEF51F323E3BA27E35B6979F1EB74F98D9157	0F88DA0A2E3AA557ED24C758C72EF69FCE2898CB8EFF8D2CC2FA16036EC61ED4
C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	37829FA6C09A1DE70475F2D562CE276C	66022C315F9B38519693C5B97A00D154C069B294	7194E616CA841B0628B9E7F45F3B0C470D25B0D4C5CD41D0485DFBA504261AC1
C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3B76754411B148CDD972BA0CA060F9BC	0FF74CDABD78907C3922E4181A9B58D943765ED0	F64FE42E360A4746E0A2A28CBF48AACFFCAF4A739B16503314FB663763E30575
C:\Program Files (x86)\PWMinder\runtime\bin\jli.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7E2A6F8DF5E8282020B9528D4FD11607	58C520450DEA71FBDDCBDD8AA601BD82444AB257	8F228CB7005DBB91F3214518F735A34A7CA0FE9797BAF47E9EE52B6274A55FCB
C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exe	PE32 executable (console) Intel 80386, for MS Windows	30B93A22915353ADF3E985735A2324F9	9D7FC5D2E09995AADCF1EAABDE98AFD78A52F40B	2BA582F71263B9357D02B09D4B24040448BB43964308BD45893E5E10AFF4A5DD
C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	AB00C17B04E12E9C35F7891A5297ABD4	ABF9CB1412115AC156A1857A6F588A44C79BF5FA	4959A9F8111CD761C91A15FF867B39B6AA5623E6F26E4B1BFB07FBD96A402435
C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exe	PE32 executable (console) Intel 80386, for MS Windows	1E6AA2909616631AAAC5C8D37C96FB70	A47E288A5035666CE3C6DD32E3DB41089647E202	1EB0DE3ED0CCF1AFE1D696C2CA58642A7049B660A9B9822161F18FD6C3FE7CE5
C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exe	PE32 executable (console) Intel 80386, for MS Windows	23015C30E3223AE30DF9D6B9C03C5F39	E66C83E06B514750C78E5D7DD1146737806A4483	984EC51776C8205155FD4C147364D636BD61F40D6FF703F3D8E3A931F81E30A6
C:\Program Files (x86)\PWMinder\runtime\bin\klist.exe	PE32 executable (console) Intel 80386, for MS Windows	7E5D3DD741C932F221B5AD2221728296	26435F7A82477FABCE837A439BF541F33933AD4E	30B7A484A2E2CF1BDEA444C1F44561BAD388089155E3ACB093D2FC52EDA19B91
C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exe	PE32 executable (console) Intel 80386, for MS Windows	A84228B4062901C51499E82BEAE51694	EFAEF972104F7F9CFE4E8433986A45DC42E85495	A3F1579DED60F2A512B0D62C4E08E8105ECA0987419B20FE88A25881E4E086F7
C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	58CABC6A7DF21C2486FC0F50B15BB121	C320EDBC3BFD7FDDC3538FA875DB0CB600EAA6CA	570A9532EF2157A82CD2B50C86CD4107E23719EC5C9AE18278CD12F100E15277
C:\Program Files (x86)\PWMinder\runtime\bin\management.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E624C057B4443DEC7E90A8F2FD79B7F3	44F2247E4099531CB5F7D5BA04B2C77B41626943	56B201116F0C1083E058918B7572BA112CA970FF18B710B534D7E1336656D962
C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F08FCF0CEDB33F51CFE00260FDDA08C4	6F34D25161D734808915510E68D240A8AA723251	F2583C7B0764F283512D14F3CF7492AAE6BE7556390C62E7B342467F14737CF5
C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	0A0042FE544C91CD57BC2F7EF40BB974	8BF31F44BA3E47B8B186C3D8CC219A4D2F67DA63	4190F0A1306257CED4975448794E1D42BE312E334FFCCFB4910A4A39CDE9DF57
C:\Program Files (x86)\PWMinder\runtime\bin\net.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F97578BB2A6AF29BBE82690D266D1AFA	B477FF07F24BA8203651335ED189D90CFB5CAF56	E48D431AE9A6B3803FD333617AF80EC69449574DC86A786801920484E5E0472F
C:\Program Files (x86)\PWMinder\runtime\bin\nio.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4220996BD4C1D23296F50E2DA94A5457	2687788CE196A19969A8A5C72D076F16153A5876	DAA6706D802DFAEE49299D2520A89D6E9AD8E377632F0C118A47219B601B3254
C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	DE991DC8988607BC9CE7B22EF04665ED	652CE353CD19B29A69F47C603377360337DDE9B6	9A22CB96231F845550DD5EAE405732D55F25998B69623CE36D3804744D10E361
C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E7784593C7432D8DCE63F95A4751FB3C	D8A4A247F16BEABD0F1356B1197E595133443836	9F4AA526779AC8025313A42CBEFF73ED60A883484C3F9D01C851DCAB979B8347
C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exe	PE32 executable (console) Intel 80386, for MS Windows	9412217874607E025FAEC40154B4BBC3	2AAEC40FD27979920D09BF0E79EA21E472CFFF33	6A2172A9B6DB2F54AB7F9CF76A89FCCF06F6C3B8E4DBACE42467CFE151EAC835
C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	5D52B30FB84AA476E3E55D2ED93A8581	EFB96C941F4F966739CACE6D06E96307AF1E150F	3C9B1D2DB9F38B849BA8E7494BBB9A7BFFCCA6F8A97BFA4B32E18FC8E6DF5AFF
C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	EBDF22D9F64C05E1D8FCF3AE881D95BC	CF1493C594BEE5742D67FC1DD7560975A0A63BA6	9B01CE127C577FCE996A2235E057CE721097EA35B73CEDFFE8DCEECA23087221
C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E25E2146B6F26369115CBC6679719208	9B15667893F24D0EF89182B5E164A1110FE9CACE	561BDCEB5AE68E1DA8070F9C40BAAC8E6583F285891CB724E6355F9280D4FD5F
C:\Program Files (x86)\PWMinder\runtime\bin\ucrtbase.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2357E85AFEA76C3E143D14D4D5EEADDD	EF68655D4119BE43B152BEC0F1C16E50F720AA8B	5E0570E228A3D602227168D56BBAF42FE9E928EDB503B8B09F443B2A297F57DF
C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	AFA8FB684EDED0D4CA6AA03AEBEA446F	98BBB8543D4B3FBECEBB952037ADB0F9869A63A5	44DE8D0DC9994BFF357344C44F12E8BFFF8150442F7CA313298B98E6C23A588E
C:\Program Files (x86)\PWMinder\runtime\bin\verify.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	54E2C3E2CBA43E604B4D47CECF708717	2FB4A04D406BCE926880B5CF9E7A7AC458E1DD2D	006A44F8F93E2E76B28AD791E0A905DCB34FC36672C630FB17D4C798549F86EF
C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	84B2C8405C942C98BF183AA3A59A6583	F23C3966120CC514A6BBD12F32AAEF7F12FEE1CF	F5EC4871E29E9C2120A82BA19F54BEA0EC0745E95BF07ABB03D510520AE57A0F
C:\Program Files (x86)\PWMinder\runtime\bin\zip.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0A6DBD5A3BC89A43F3B057262D0425B3	2CF05CA2DDED11F7D43E4659065040BFC1331887	EC9EA43A928B6A8E793EAE03078FAB0BFE0985EE4FB9D9BB4F7DA0C22154B450
C:\Program Files (x86)\PWMinder\runtime\conf\logging.properties	ASCII text	0F00EC3E7A7767A4EFEAE1875FB5F3D4	167808418571E9209B952188DDAB2F4E62920E68	B62D2733AB99556B108A1951D894C5A8D76B1AC7A00C02C388F9EB9BE046C56F
C:\Program Files (x86)\PWMinder\runtime\conf\net.properties	ASCII text	385443B7E4A37BC277C018CD1D336D49	B2C0DFB00BF699E817BDD49B14BC24B8D3282C65	5BC726671936E0AF4FDF6BED67D9E3A20A92C30B0BA23673D0314BAA5E3FFB08
C:\Program Files (x86)\PWMinder\runtime\conf\security\java.policy	ASCII text	FBF2B55342947695AA2A15E3485ED29F	A04C23F61D2958FC1E9882509927B43CAB0E799C	F2A00A1DEC3B7A097F0815F338A84717BA1017D5D7AAE96D842D2188D67C3250
C:\Program Files (x86)\PWMinder\runtime\conf\security\java.security	ASCII text, with CRLF line terminators	0A750027C4C6AAC1F2ADBCF0CB61D5AA	62FA8FA8BBBF09264C5DB08D2229B01C3DFD911C	F9B32ADEEE2ED2D3EA558CCC0DC5023EC9474BE301CF83FA09067B2A2A73D15F
C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\README.txt	ASCII text	3D47D94BC4F19D18BCC8B23F51D013AF	A97CD312D6A2A9C8C780C15E5AF51A2F4F97C2CB	6DA0747334B0FEA7592FD92614B2BBC8B126535E129B1FEE483774D914E98EB5
C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\limited\default_US_export.policy	ASCII text	1A08FFDF0BC871296C8D698FB22F542A	F3F974D3F6245C50804DCC47173AA29D4D7F0E2C	758B930A526FC670AB7537F8C26321527050A31F5F42149A2DDA623C56A0A1A9
C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\limited\default_local.policy	ASCII text	6D7B4616A5DBA477B6B6D3F9A12E568F	7FB67E217C53A685CB9314001592B5BD50B5FBB9	2B2627548E61316150D47FFC3E6CAD465CA05B3CCCD4785EB7D21AA7BAA0F441
C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\limited\exempt_local.policy	ASCII text	4CBB03F484C86CBEA1A217BAAE07D3C9	EE67275BC119C98191A09FF72F043872B05AB7FD	8C3D7648ABCD95A272CE12DB870082937F4D7F6878D730D83CB7FBB31EB8B2C9
C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\unlimited\default_US_export.policy	ASCII text	1A08FFDF0BC871296C8D698FB22F542A	F3F974D3F6245C50804DCC47173AA29D4D7F0E2C	758B930A526FC670AB7537F8C26321527050A31F5F42149A2DDA623C56A0A1A9
C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\unlimited\default_local.policy	ASCII text	2A0F330C51AFF13A96AF8BD5082C84A8	AD2509631ED743C882999AC1200FD5FB8A593639	8D8A318E6D90DFD7E26612D2B6385AA704F686CA6134C551F8928418D92B851A
C:\Program Files (x86)\PWMinder\runtime\conf\sound.properties	ASCII text	4F95242740BFB7B133B879597947A41E	9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C	299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\ADDITIONAL_LICENSE_INFO	ASCII text	71BB3AD0017BF36D14BB96A8D4B32C45	1A5C553E71BDB7D94995B206BC9EAA49ABD1E888	A69BCE275BA7A3570AF6579CB0F55682CD75FEDFCD49E0E8E9022270C447C916
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\ASSEMBLY_EXCEPTION	ASCII text	D94F7C92FF61C5D3F8E9433F76E39F74	7A9B074CA8D783DBE5310ECC22F5538B65CC918E	A44EB7B5CAF5534C6EF536B21EDB40B4D6BABF91BF97D9D45596868618B2C6FB
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\LICENSE	ASCII text	3E0B59F8FAC05C3C03D4A26BBDA13F8F	A4FB972C240D89131EE9E16B845CD302E0ECB05F	4B9ABEBC4338048A7C2DC184E9F800DEB349366BDF28EB23C2677A77B4C87726
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\aes.md	ASCII text	2E33468A535A4EB09EF57FC12A2652D0	E64516F3FA1E72F88CAA50F14B8046DD74D012B6	45C6D4DA48325EDFBFF3DCF71C704E504C057904435ED23C6D57046D551EB69D
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\asm.md	Unicode text, UTF-8 text	66C0CECD7AADDF8F7D0CDB433C5C6036	C34EB481A27B11495D8E0A5505BE89826B8051E2	1FF912740E84E024711DEF5FA482FFBB46EFF64559760C467352DFA7C39A3307
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\c-libutl.md	ASCII text	2E89A282A50F8702E52703464E6937CA	CFC22A6F5B17CD539234D5B3160A5224ABEFADB9	BEF40679922D6FDFB7E4DDB223AD6722300F6054BA737BBF6188D60FCEC517F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\cldr.md	Unicode text, UTF-8 text, with very long lines (837)	8F5780E8D582FE686ED11535DEC512ED	B63B615A826D8A40F5A45DC49DA0FF1D8B6666C1	F2BD33DED550A05D59E8F659416EF382490504548D846E6388B1DFFD273AA077
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\icu.md	Unicode text, UTF-8 text, with very long lines (849)	2F77C0CAE3FDC2B5B6E8D85898CC4C2F	92DB4D2A0CDC8680910FC434A1A637A5B87ED599	AF0057E8553906083F69C2FB9FE9ED4AE8BC2340A0B1E376A424702F00300B29
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\public_suffix.md	ASCII text	A90527D48AD0216FD1E5241015BB0F77	A59B3BF9478184BE7AE959E27CE7257BC418985A	BCA182053946267C1F3BB5D160849A6A290B2AEFC57ABC7155180CA98DB87301
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\unicode.md	Unicode text, UTF-8 text	A37C772AAEB922A5FF741A1DA81D52AC	85C21732F4903895DAE6E512D23ACCC5D26010DF	5E4E6623A21A63F9BC16EA54AF4133B8038E490C0D499A74676F9E5A61B9C5B2
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\wepoll.md	ASCII text	CEF1D92FF8ACE278BD32AC5E18735B86	6C7D15E2B8F3E99527458C8EA33420EE1D34AF7B	3AC2992770080453B98C42AFA807BA4B2C1738EF756B92A55C645F55E7DF48F0
C:\Program Files (x86)\PWMinder\runtime\legal\java.base\zlib.md	ASCII text	19F03867B2027801B674A81134FC94BD	C239D2DA15DAC52B8B928C712BBB29A0BC18AAE4	19ABD401BAC9AF9B3E34C07E226DE1E6F2C1F0806FFCDC3FE2F1AD5855A42FF8
C:\Program Files (x86)\PWMinder\runtime\legal\java.compiler\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.compiler\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.compiler\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.datatransfer\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.datatransfer\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.datatransfer\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\colorimaging.md	ASCII text	0889FD01A6802A5A934572D9BD47F430	7A7E547452EE1C72E8B0D96DCCBE315F62D5B564	04D61E3E8E71DD452EBE52008AF5378D9F6640D14578AEB515DC5375973B0189
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\freetype.md	Unicode text, UTF-8 text	5CCE8D927FE2E23F3894983720BA4668	093124C101C910C8EA5ED4FAE90BB1EEEFCCBC0E	131C94CFB6CA086689486F7853BAFC9FCC83EE114B5B20596B3553DD537E5925
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\giflib.md	ASCII text	867001E2A577F88CFC856F45959502AA	109C11CEC13349212BA94B9F3EB7D0943229938E	C8B99F33890887D27AD56FBA9EDD8EBBC668CFE0689168505A95613D1D4B32F8
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\harfbuzz.md	Unicode text, UTF-8 text	F4FF45EDC44103995A71A10AAACA7196	43EE52E19CF9085CC51FFA0D6BC7752A0312233D	D4F679F8DAA239DF24A4EA9AFDF207F02273A148610262ACEB16DE1B595BA923
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\jpeg.md	ASCII text	DE0E5A6CFC652C81EE7B582AA004DAD5	FC3BED0E9B640DAAC5C5336BADEBB3A55E89DFD5	580BE596216EE11E2554B24CE944973ACAEDE2EBF5FFBA34A6BD8CC441C05043
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\lcms.md	ASCII text	62D9F462B20B37C861F5BAD14DE59D6A	5B6D5635FB89E55B3B0B49C1A104984DA34E6263	41F4D63E670D75F5936A895AAE919E226F5D50C54B5B09DB3BA4D7052A2C1554
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\libpng.md	ASCII text	011DB3AD8FCF04AD9F5789F9E980D4C6	FEC756F73A909490115E5863D98C36681A89351C	F9E1A0E556F3309246D30C62EF159DE7E21DB39361176DEDA6FB57821C9872EC
C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\mesa3d.md	ASCII text	C7E0D19C8F4EFF11E97F0EB9AFD3F7F4	6A98EE2703132E181F37D162452F073FB64CED83	63F4E6F75CAEBBCCB95D903FB43E46AC7111B3624D0A34F146B276D7D9E7B152
C:\Program Files (x86)\PWMinder\runtime\legal\java.logging\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.logging\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.logging\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.management\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.management\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.management\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.naming\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.naming\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.naming\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.prefs\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.prefs\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.prefs\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.rmi\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.rmi\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.rmi\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.scripting\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.scripting\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.scripting\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.security.jgss\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.security.jgss\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.security.jgss\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.security.sasl\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.security.sasl\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.security.sasl\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.sql\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.sql\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.sql\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.transaction.xa\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.transaction.xa\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.transaction.xa\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\bcel.md	ASCII text	8BC98021A73FF0A9CDAD9DC5E84339BE	023EF9164BE63E1794FF97C2A81BA05509919641	E8C2AA528A5A0531482DBFD23EC9290FCDB373AF67A04870E780BDF98CD6ADC2
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\dom.md	ASCII text	8067C46049AC09BCFCB9E03C5BCD1107	CBDB9414E25DAFCCDFDC905EB75999E63B9D660B	89C41F3CE50ACB96280B73D7A9C1710E96DBF6FC97D43CAB2B748DE93F9FE442
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\jcup.md	ASCII text	4A1B6AEA2BCDF22E01B136A3FF3256D2	236F841023DFD6039A354D753E152B6CB4D25C05	8FD4C6732C5C1D63261DC2E87E052F7DE7952CD265E387F8B6CAF5AB3BF8C594
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\xalan.md	ASCII text	B29A2D48A582BE602D54DA738C304350	24D8FEA1126ACFC1EE4F990FD761D138637E6147	EA67226BE5CFE19C7E79725C2C24A16676323264D69F9747C528DE0B44541B03
C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\xerces.md	ASCII text	5FEAC4B0A3606D75537B6B9D355E5D3D	D5A230002B75EA8F003984000F743A85EADCF7C9	472224F99DE833F4F4C19F2F8A0317F22114E1C641F5D77FFA3A4280A1B80176
C:\Program Files (x86)\PWMinder\runtime\legal\jdk.charsets\ADDITIONAL_LICENSE_INFO	ASCII text, with CRLF line terminators	19C9D1D2AAD61CE9CB8FB7F20EF1CA98	2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF	EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
C:\Program Files (x86)\PWMinder\runtime\legal\jdk.charsets\ASSEMBLY_EXCEPTION	ASCII text, with CRLF line terminators	7CAF4CDBB99569DEB047C20F1AAD47C4	24E7497426D27FE3C17774242883CCBED8F54B4D	B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
C:\Program Files (x86)\PWMinder\runtime\legal\jdk.charsets\LICENSE	ASCII text, with CRLF line terminators	16989BAB922811E28B64AC30449A5D05	51AB20E8C19EE570BF6C496EC7346B7CF17BD04A	86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
C:\Program Files (x86)\PWMinder\runtime\lib\classlist	ASCII text, with very long lines (522), with CRLF line terminators	074DB6FE4386E84FC7723E6F6693AA7E	8523C36DB3873C4F4999445FDAB0CF962766C7A7	A2F77D68C6F6F73F1CBEEAD2E1293AB7C9C1AC1BF0E71D1EC4F49DD407677436
C:\Program Files (x86)\PWMinder\runtime\lib\fontconfig.bfc	raw G3 (Group 3) FAX	0E25B41E6ACF99681EAF2E8B572F18D1	D6B4290DA768E050FE6C310366272F87E6C2B6D2	968AC99BBAAF8A49A474C934E73AD58F88C6C7F2A363CB44771E0378444E36BA
C:\Program Files (x86)\PWMinder\runtime\lib\fontconfig.properties.src	ASCII text	5A1F8A604694AF3E955C12190DE02F6C	5309AE6DD01DE0090131ECC469E965F286186FA3	B44540473B97364E0F7A8A0002DD21D7A0717028FA1533F139BC98F40C91C0F0
C:\Program Files (x86)\PWMinder\runtime\lib\jawt.lib	current ar archive	F7B571642C91DAB3B38A18C218D9A9B0	0F1D4084354F24AD7DCB0380E17BB384B83D0232	DAAB95E09059402FA15590BD3E93A0C2E8AD4424C99CD178DC7B2DB3C525816A
C:\Program Files (x86)\PWMinder\runtime\lib\jrt-fs.jar	Java archive data (JAR)	AB690C55339DCB2635AF2C41506CB4A7	048A1D1CBD8CDF92FA2CDCE2287E812A3FBE83B5	77413EA8FD6B7A98AF176942D73AF86184B7BD14C557502CA0479EC35CA01CF2
C:\Program Files (x86)\PWMinder\runtime\lib\jvm.cfg	ASCII text	19079CA57B561559ECA94490357EC716	AC99A24A23811CD1AE33A1462882D71E69AE18D0	C19C19F487657B3E2C4B70865D05B2762B8707F8538AC6CC01C258B9E09D193F
C:\Program Files (x86)\PWMinder\runtime\lib\jvm.lib	current ar archive	363BC85E269EB2624245F4D66604F431	A9A726645431DE0641941851BA24D830C12485B3	583E59EEB2E1E450A99056B97F3CC395566559CBFF1FA11785E6F4A356761ABB
C:\Program Files (x86)\PWMinder\runtime\lib\modules	Java module image (little endian), version 1.0	3728B8768361E6DED985727498237BA3	0280C9B92A2A36D17EECE9B6AC9A38B6F4B2E4D4	7BA025860F13EE2AEFA36F02253E228ED29CD7B7BC37F5BEFFE5A02B477415D0
C:\Program Files (x86)\PWMinder\runtime\lib\psfont.properties.ja	ASCII text	D4C735BF5756759A1C3BC8DE408629FC	67C15E05A398B4CE6409D530A058F7E1B2208C20	5A4BD51B969BF187FF86D94F4A71FDFBFA602762975FA3C73D264B4575F7C78F
C:\Program Files (x86)\PWMinder\runtime\lib\psfontj2d.properties	ASCII text	17B15D370018ACC01550175882C7DA91	4EDD9E0FC3D30FBDCABCDCAAB3BC0B3157FC881E	780C565D5AF3EE6F68B887B75C041CDF46A0592F67012F12EEB691283E92630A
C:\Program Files (x86)\PWMinder\runtime\lib\security\blocked.certs	ASCII text, with CRLF line terminators	8273F70416F494F7FA5B6C70A101E00E	AEAEBB14FBF146FBB0AAF347446C08766C86CA7F	583500B76965EB54B03493372989AB4D3426F85462D1DB232C5AE6706A4D6C58
C:\Program Files (x86)\PWMinder\runtime\lib\security\cacerts	Java KeyStore	CE4C89FA551DDE7EE66D237E1E848164	CAEE30665A4E3F13A955A012A1FF68717766DF95	D0D67AE4AA98810C6810893ECE1590B775C88818E723959FAA8224F13ADBF0E4
C:\Program Files (x86)\PWMinder\runtime\lib\security\default.policy	ASCII text	A9BC877EB282751FA4832811BD5FD922	F2B41D0C2C4F708F4C8B4561FF4E42C3875D9903	A06DB9C282547150E85E7A67590726F112BBDA9305371907C7082215B7D13B5C
C:\Program Files (x86)\PWMinder\runtime\lib\security\public_suffix_list.dat	Zip archive data, at least v2.0 to extract, compression method=deflate	E7A714571A1F7C4E1D2F70B8F3052ADA	2B09124CADDF58EC734F4664264ED5666F7C1C64	72E17C92D464BA1476FBCC7DAC6CBC493F6FB04F158895368B57D81DDBE277D1
C:\Program Files (x86)\PWMinder\runtime\lib\tzdb.dat	data	43181995F72430167FFC15B58CC56623	AFC3378A7667EB99E5528E7550A776FCC9F66D9D	2743C0344131E00B73B2B47C1884F09F23B28B3ECD9135A460D0DD874F57BCD3
C:\Program Files (x86)\PWMinder\runtime\lib\tzmappings	ASCII text, with CRLF line terminators	B02EE240A8DB902961FE886A19BEBA16	C52C42D591F4C650B629E6B374E967E211FB5AEB	36DC51C4BF787F640A4B45CBB84AB6954F6E595CBD3617C2F5A4E1E607B38BFF
C:\Program Files (x86)\PWMinder\runtime\release	ASCII text, with CRLF line terminators	2C558893872E1FD4B5DFAAD5F8232052	122C349D9C414D564031D2FF9D25C65A29BFA459	AA40CEBB4AA9BFE9FD9B2708CC901D970BF5F598A3C27C3F21B38D771BF867E5
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWMinder Desktop\PWMinder.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Nov 17 22:20:38 2022, mtime=Thu Nov 24 07:44:34 2022, atime=Thu Nov 17 22:20:38 2022, length=534896, window=hide	2BE9CA5C367D0CB6826CE5458EA949D3	EF5431DFB3720B18919BDE5E383DE600A15A0BF0	8D1E37C9B6C4F291BD2D49CD6BC6554F028FA65827140130081BDCBF0190FE97
C:\Users\Public\Desktop\PWMinder.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Nov 17 22:20:38 2022, mtime=Thu Nov 24 07:44:34 2022, atime=Thu Nov 17 22:20:38 2022, length=534896, window=hide	6EB1E6B6DC0507E3BFBE56238C38EEB8	9DEE6A9DC7EAC8E76FD50B5CDE7EC6F60BF8C152	76E09440439D080A17B065B33054645A6BF3DEC8842CB3C40EF98A4929CD7884
C:\Users\user\AppData\Local\Temp\MSIBC68.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4FDD16752561CF585FED1506914D73E0	F00023B9AE3C8CE5B7BB92F25011EAEBE6F9D424	AECD2D2FE766F6D439ACC2BBF1346930ECC535012CF5AD7B3273D2875237B7E7
C:\Users\user\AppData\Local\Temp\MSIC0BF.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	EBCEAC311F924A90A996B543538F1861	96DAD8F8705EEF6DF52E9387F1AA6E8ED3DED10A	9980ED314E2F2331CAA454FEF0B500690074113E07AB3EEE415AE0ED18FAF1AC
C:\Windows\Installer\63e8f7.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PWMinder, Author: Ewert Technologies, Keywords: Installer, Comments: This installer database contains the logic and data required to install PWMinder., Template: x64;1033, Revision Number: {5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}, Create Time/Date: Thu Nov 17 23:20:42 2022, Last Saved Time/Date: Thu Nov 17 23:20:42 2022, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2	9661EC2A8A20C92F691E50CD91750A1D	092EE11B9C2805F808E0A072C5DB1CCED5648418	D621D35135FE84D33A85DA02B68DD2E327CD01D6185B0CDDDA98042259C2DA0C
C:\Windows\Installer\63e8f9.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PWMinder, Author: Ewert Technologies, Keywords: Installer, Comments: This installer database contains the logic and data required to install PWMinder., Template: x64;1033, Revision Number: {5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}, Create Time/Date: Thu Nov 17 23:20:42 2022, Last Saved Time/Date: Thu Nov 17 23:20:42 2022, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2	9661EC2A8A20C92F691E50CD91750A1D	092EE11B9C2805F808E0A072C5DB1CCED5648418	D621D35135FE84D33A85DA02B68DD2E327CD01D6185B0CDDDA98042259C2DA0C
C:\Windows\Installer\MSI8A5.tmp	data	7F0581272F1FBAE71F6299131769D19E	5AE797C6DE588170B20D92E786F5E2DCFD263AB1	1C2AF7449A430837B7C5F43D73147FB50320B24FA9404A427B87F4679323A5DB
C:\Windows\Installer\MSIFF0F.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	A3AE5D86ECF38DB9427359EA37A5F646	EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90	C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
C:\Windows\Installer\SourceHash{057BD86F-54F3-343C-AD7C-A5491C1BF591}	Composite Document File V2 Document, Cannot read section info	3F7CE14CA1A225809B3AF39DB01438E6	AC70579BFA95ED5C018660BE4ED4DB754530D436	8B681FA7449554FD8E9DB5886F0DC7BFF4FE16BC632405583B8A07F802378319
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	101ED935DFBF053EA698E6BE5B8EF8F0	4DA1F95085B8EB75D88EF1C488DEAB0CBDA3EF43	B1BD5C3F9D73E8FBFA4C69B6CB1108C4D2831445464B8DE86AFD9027FBB44E47
C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICON	PE32 executable (GUI) Intel 80386, for MS Windows	70A3C9C307218D28ADA05803643C2B10	A105753F73D5068DC6416E533AB2E51BF23A2060	1499B9DCD5B223A2BFEE521FC9FDC4C440E60286C54AC631D3DA9575CD787932
C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\icon_673583842	MS Windows icon resource - 10 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel	2F6FC0D077719768CBF4E665E87B2AAD	C0147734DEFD436D780DCB0CEA0B72B291D671A8	4C6F8D73849A354FDB1D89FD93BDF83C7EE5DA2605CCE4AF3849DE1C9C8D5E3C
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D2283A70FB038F354E9D7F5E3C123132	BAB3920010AB407E142DE26190E8CA4115B831A2	5C82A2AC0076DA0809164283F9BA1467F573DDD8DCEFC5379751B2B402315F31
C:\Windows\Temp\~DF28F7E6DEE047302F.TMP	Composite Document File V2 Document, Cannot read section info	101ED935DFBF053EA698E6BE5B8EF8F0	4DA1F95085B8EB75D88EF1C488DEAB0CBDA3EF43	B1BD5C3F9D73E8FBFA4C69B6CB1108C4D2831445464B8DE86AFD9027FBB44E47
C:\Windows\Temp\~DF2A89C155115B02D9.TMP	Composite Document File V2 Document, Cannot read section info	1A2856803376CDF7C5B78CE35E29D466	576235A089E03B861EAA26A1D04965285BC4C617	F6B1855DE10CCD7F7C5227E14A04EDC754E928A1EB7370A9BD6ED2B22362E8A4
C:\Windows\Temp\~DF34985F8AFC66B7A4.TMP	Composite Document File V2 Document, Cannot read section info	1A2856803376CDF7C5B78CE35E29D466	576235A089E03B861EAA26A1D04965285BC4C617	F6B1855DE10CCD7F7C5227E14A04EDC754E928A1EB7370A9BD6ED2B22362E8A4
C:\Windows\Temp\~DF58C16B7FCFAF7460.TMP	data	EB5850D41927ABBD6531592F125A6E49	7997C018B03DD7580726372324121F94E9A89C2C	98C33D5B0D58F533B8A7FDDC9545FCE0C3AFAB479E40959BE33CAEF05602E896
C:\Windows\Temp\~DF6556553E66C7A1C1.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF7F4DF1C345E8CF05.TMP	data	023AC50C189EDAAB89CF1FC3A256F94A	90838532D5018EB4EFD8E84512F2727E1A7CB1C3	F704C5A8137DE811A371E70C143418823865E39A5E3AF5C509C8CDD235C49A3A
C:\Windows\Temp\~DF8EFB97866247E032.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFAAF16D10D65F39CB.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFABF413ACF4896DE8.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFD15E0C16046F46DA.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFE6A8E4977D0DABB3.TMP	Composite Document File V2 Document, Cannot read section info	101ED935DFBF053EA698E6BE5B8EF8F0	4DA1F95085B8EB75D88EF1C488DEAB0CBDA3EF43	B1BD5C3F9D73E8FBFA4C69B6CB1108C4D2831445464B8DE86AFD9027FBB44E47
C:\Windows\Temp\~DFF038ED5C56C93A0D.TMP	Composite Document File V2 Document, Cannot read section info	1A2856803376CDF7C5B78CE35E29D466	576235A089E03B861EAA26A1D04965285BC4C617	F6B1855DE10CCD7F7C5227E14A04EDC754E928A1EB7370A9BD6ED2B22362E8A4

ID:	752911
Product:	CloudBasic
Start time:	00:43:00
Start date:	24.11.2022
Sample:	PWMinderInstaller-3.3.1.1.msi
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	9661ec2a8a20c92f691e50cd91750a1d
SHA1:	092ee11b9c2805f808e0a072c5db1cced5648418
SHA256:	d621d35135fe84d33a85da02b68dd2e327cd01d6185b0cddda98042259c2da0c
Filetype:	Microsoft Windows Installer (77509/1) 63.77%

Windows Analysis Report
PWMinderInstaller-3.3.1.1.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report PWMinderInstaller-3.3.1.1.msi

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
PWMinderInstaller-3.3.1.1.msi