Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PWMinderInstaller-3.3.1.1.msi

Overview

General Information

Sample Name:PWMinderInstaller-3.3.1.1.msi
Analysis ID:752911
MD5:9661ec2a8a20c92f691e50cd91750a1d
SHA1:092ee11b9c2805f808e0a072c5db1cced5648418
SHA256:d621d35135fe84d33a85da02b68dd2e327cd01d6185b0cddda98042259c2da0c
Infos:

Detection

Score:13
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Creates autostart registry keys to launch java
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Deletes files inside the Windows folder
Drops PE files to the windows directory (C:\Windows)
Creates files inside the system directory
Binary contains a suspicious time stamp
Stores files to the Windows start menu directory
Checks for available system drives (often done to infect USB drives)
Found dropped PE file which has not been started or loaded

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 6044 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PWMinderInstaller-3.3.1.1.msi" MD5: 4767B71A318E201188A0D0A420C8B608)
  • msiexec.exe (PID: 6096 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
    • msiexec.exe (PID: 1348 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 483844CA7CD225D329998D5B1C5B7780 C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
    • msiexec.exe (PID: 6048 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding BD76792E804F7BE88D040374A60ADC55 MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\README.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{057BD86F-54F3-343C-AD7C-A5491C1BF591}Jump to behavior
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: keytool.pdb source: keytool.exe.1.dr
Source: Binary string: j2gss.pdb source: j2gss.dll.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: rmi.pdb source: rmi.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-2-0.pdb source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: keytool.pdb source: keytool.exe.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: nio.pdb source: nio.dll.1.dr
Source: Binary string: nio.pdb** source: nio.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-2-0.pdbGCTL source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: c:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: API-MS-Win-core-xstate-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIFF0F.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\63e8f7.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PWMinderInstaller-3.3.1.1.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 483844CA7CD225D329998D5B1C5B7780 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BD76792E804F7BE88D040374A60ADC55
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 483844CA7CD225D329998D5B1C5B7780 CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding BD76792E804F7BE88D040374A60ADC55Jump to behavior
Source: PWMinderInstaller-3.3.1.1.msiStatic file information: TRID: Microsoft Windows Installer (77509/1) 63.77%
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinderJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\Public\Desktop\PWMinder.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBC68.tmpJump to behavior
Source: nio.dll.1.drBinary string: java/net/PortUnreachableExceptionWSARecv failedWSASend failedLjava/io/FileDescriptor;fdshould never call map on platform where MAP_SYNC is unimplementedMap failedUnmap failedSetFilePointerEx failedtransfer failedInvalid handleRead failedSeek failedWrite failedForce failedTruncation failedSize failedLock failedRelease failedClose failedDuplicateHandle failedDirectIO setup failedJdwVolumeSerialNumbernFileIndexHighnFileIndexLowGetFileInformationByHandle failedjava/io/FileDescriptorIhandleRead/write failedrecv failedsend failedsun/nio/ch/Iocp$CompletionStatuserrorbytesTransferredcompletionKeyoverlappedCreateIoCompletionPort failedGetQueuedCompletionStatus failedPostQueuedCompletionStatusFlush failedjava/net/InetSocketAddress(Ljava/net/InetAddress;I)V<init>socketfastLoopbackbindlistenconnectAccept failedgetsocknameshutdowngetsockoptConnection resetsun/net/ConnectionResetExceptionVector read failedConnection reset by peerVector write failedSocket close failedUnix domain path not presentjava/net/SocketExceptionUnix domain path too longepoll_create1 failedepoll_wait failedReadFile failedWriteFile failedLockFile failedsocket failedWSAIoctl failedAcceptEx failedclosesocket failedConnectEx failedshutdown failed(I)Vsun/nio/fs/WindowsExceptionsun/nio/fs/WindowsNativeDispatcher$FirstFileLjava/lang/String;nameattributessun/nio/fs/WindowsNativeDispatcher$FirstStreamsun/nio/fs/WindowsNativeDispatcher$VolumeInformationfileSystemNamevolumeNamevolumeSerialNumberflagssun/nio/fs/WindowsNativeDispatcher$DiskFreeSpacefreeBytesAvailabletotalNumberOfBytestotalNumberOfFreeBytesbytesPerSectorsun/nio/fs/WindowsNativeDispatcher$Accountdomainusesun/nio/fs/WindowsNativeDispatcher$AclInformationaceCountsun/nio/fs/WindowsNativeDispatcher$CompletionStatusUnable to allocate LUID structureGetFullPathNameW failednative memory allocation failureGetFinalPathNameByHandleW failedSelect failed\Device\Afd\Wepollntdll.dllNtCancelIoFileExNtCreateFileNtCreateKeyedEventNtDeviceIoControlFileNtReleaseKeyedEventNtWaitForKeyedEventRtlNtStatusToDosError
Source: classification engineClassification label: clean13.winMSI@6/240@0/0
Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: I accept the terms in the License Agreement
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Next
Source: C:\Windows\System32\msiexec.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: PWMinderInstaller-3.3.1.1.msiStatic file information: File size 73277440 > 1048576
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{057BD86F-54F3-343C-AD7C-A5491C1BF591}Jump to behavior
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: keytool.pdb source: keytool.exe.1.dr
Source: Binary string: j2gss.pdb source: j2gss.dll.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: api-ms-win-core-handle-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: rmi.pdb source: rmi.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-2-0.pdb source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
Source: Binary string: keytool.pdb source: keytool.exe.1.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: nio.pdb source: nio.dll.1.dr
Source: Binary string: nio.pdb** source: nio.dll.1.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: api-ms-win-core-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-console-l1-2-0.pdbGCTL source: api-ms-win-core-console-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll.1.dr
Source: MSIC0BF.tmp.0.drStatic PE information: 0xB3CB4BA4 [Sun Aug 2 13:20:36 2065 UTC]
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICONJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFF0F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC0BF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\nio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\java.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\zip.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\awt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\dna.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\ucrtbase.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBC68.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICONJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\PWMinder.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\verify.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFF0F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICONJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\README.txtJump to behavior

Boot Survival

barindex
Creates autostart registry keys to launch java
Source: C:\Windows\System32\msiexec.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED66DB19D083C1D35872AAF3CA720EDE F68DB7503F45C343DAC75A94C1B15F19 C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWMinder DesktopJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWMinder Desktop\PWMinder.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\management.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\klist.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jli.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\nio.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\java.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\zip.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\awt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\dna.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICONJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\PWMinder.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\java.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\verify.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 BlobJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
1
Replication Through Removable Media		Windows Management Instrumentation1
Windows Service		1
Windows Service		32
Masquerading		OS Credential Dumping1
Process Discovery		1
Replication Through Removable Media		Data from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/Job11
Registry Run Keys / Startup Folder		1
Process Injection		1
Disable or Modify Tools		LSASS Memory11
Peripheral Device Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)1
DLL Side-Loading		11
Registry Run Keys / Startup Folder		1
Process Injection		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)1
DLL Side-Loading		1
Timestomp		NTDS12
System Information Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
File Deletion		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\awt.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\dna.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\java.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\java.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\jli.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\klist.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\management.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\net.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\nio.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exe0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\ucrtbase.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\verify.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dll0%ReversingLabs
C:\Program Files (x86)\PWMinder\runtime\bin\zip.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIBC68.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\MSIC0BF.tmp0%ReversingLabs
C:\Windows\Installer\MSIFF0F.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:752911
Start date and time:2022-11-24 00:43:00 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 9s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:PWMinderInstaller-3.3.1.1.msi
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean13.winMSI@6/240@0/0
EGA Information:Failed
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .msi

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: PWMinderInstaller-3.3.1.1.msi

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dllPV4Br3B2Al.exeGet hashmaliciousBrowse
    C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dllPV4Br3B2Al.exeGet hashmaliciousBrowse
      C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dllPV4Br3B2Al.exeGet hashmaliciousBrowse

        Created / dropped Files

        C:\Config.Msi\63e8f8.rbs

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:modified
        Size (bytes):57586
        Entropy (8bit):5.901024503613299
        Encrypted:false
        SSDEEP:768:MLe6BxCsT0d66FfrZVqiJPl5nhEGjnmwXn:tikK0d66FfrZ5p6GVXn
        MD5:ED6EBDB3C6E3EA2AA0C86E8D460F8B09
        SHA1:9B5FC0A522DA5F75E0CBE1E3C73CBCD02EF9963C
        SHA-256:452DB483B257F63390FF7D31C0E48EFA2F727515F5289EBAB3709B5F88372AFE
        SHA-512:615698E5A9313EEFFE52C58A4704056EF8A75783F69F8D2E96CBCB6E03FACFEE07F60A589654C3D40C4F1EB15BEC2792953F81712C4ED22C61D966EBA5745146
        Malicious:false
        Reputation:low
        Preview:...@IXOS.@.....@..xU.@.....@.....@.....@.....@.....@......&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}..PWMinder..PWMinderInstaller-3.3.1.1.msi.@.....@.....@.....@......JpARPPRODUCTICON..&.{5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}.....@.....@.....@.....@.......@.....@.....@.......@......PWMinder......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F2C5738A-0188-329A-96D3-4D099A819786}&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}.@......&.{22B8464C-9858-34F2-B091-289D8ED6C2DA}&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}.@......&.{DF844933-25D0-331C-9ECF-75E7149EBA38}&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}.@......&.{E3E0FA64-2A7F-318D-B4E6-75275DA8A5C3}&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}.@......&.{E59A3803-A0DD-34B5-A320-916FEF733F8A}&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}.@......&.{7EE9AD88-BF40-3365-8B6C-CED645142A01}&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}.@......&.{3E9B44E6-8194-3344-B82B-209EE8AD

        C:\Program Files (x86)\PWMinder\PWMinder.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):534896
        Entropy (8bit):6.272752879884908
        Encrypted:false
        SSDEEP:6144:bLxjgQWziAfsZqCNzuGzFU8SmfAOCA2Hk8GGGwhECKu2xq2wxmm:npWziAfsZDq+UfEs2xq2wxB
        MD5:70A3C9C307218D28ADA05803643C2B10
        SHA1:A105753F73D5068DC6416E533AB2E51BF23A2060
        SHA-256:1499B9DCD5B223A2BFEE521FC9FDC4C440E60286C54AC631D3DA9575CD787932
        SHA-512:038184A2650C1935374D6C67F742CC625E77AFA8ED19A83EAAA114C2CA5AC248B4A6ECF5FD757D770775E9F52283FFBA5C0D1D5CD2E9A2E9C8F49E4B19934ADD
        Malicious:false
        Reputation:low
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........'@.t@.t@.t...uO.t...u..t...uV.t...uM.t@.t..t...uQ.t...uT.t...u..t...uA.t...uS.t...uA.t..gtA.t...uA.tRich@.t........PE..L.....?..................j...........L............@..........................0......I.....@.............................`......P.......`...............p).......-...T..p...........................`U..@............................................text....h.......j.................. ..`.rdata...+.......,...n..............@..@.data....&..........................@....rsrc...`........ ..................@..@.reloc...-..........................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\PWMinder.ico

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows icon resource - 10 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
        Category:dropped
        Size (bytes):200735
        Entropy (8bit):5.216368656784317
        Encrypted:false
        SSDEEP:1536:+Rmdp8eEtQgEwpLGGG4EU4RMr6XzKE6kERRTEZIASLNT0+9NKZfj:+R8eBqAGGGDULlE6PRRwZuYZb
        MD5:2F6FC0D077719768CBF4E665E87B2AAD
        SHA1:C0147734DEFD436D780DCB0CEA0B72B291D671A8
        SHA-256:4C6F8D73849A354FDB1D89FD93BDF83C7EE5DA2605CCE4AF3849DE1C9C8D5E3C
        SHA-512:20D3E2F532C2F88401B2A05CF624F49561F51CA1E7612906C592D06E3D67A22C021C020DFF37D37FD0DCD85A369CA73C66FF3994BD24483A997779C24F712CDC
        Malicious:false
        Reputation:low
        Preview:............ .Ip............ .(....p..00.... ..%...y.. .... ............... .h...g...........pg.............(...?...00..........g... ......................h........PNG........IHDR.............\r.f....sRGB.........gAMA......a.....pHYs..........o.d..o.IDATx..].xTU.~g&..B.$$$.....b....e.(`A. 6l.. *......6zG....i.g....wKr....;....<.a.{..9.{.....n..n..fp...m.]......|...^..6P....8Ok}....].....5j.F:U.{.....m....O.>o.m..w.m......3g.4e.E..&..._~.e.u.].]UU...n.........N....m.e.\s.5.....sgS{.}'...t[.t..k....n...../<A.E..p...b.qW_}..*++}.w....^zi...3...4....%.....}L&|4z4...`.8..a.G.....S7.<g...o..:......V.....R..z........i.^u.l7.8l.V..s.W...~..|2n..EG..F....h.=uuM....-G".L.....M.:u..N...f.P....+**.....bxL....5.Y.#.^...3.l..N.x..._......r..Ym.5.......M...+......g}'g...V..vV.H .......2y...;.&..z..$..V.?..W_.Q.:...6...G...J.n......]R.jm.E.M.4i....M..UW].Syy....?..z...Y;.%....>.ywSm.....x....H.m7....u.F\~..?...d..7.Q]...v=..A..CS.gy-$"..H..!. ..V..H

        C:\Program Files (x86)\PWMinder\app\EaSynthLookAndFeel.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):89746
        Entropy (8bit):7.590465385089637
        Encrypted:false
        SSDEEP:1536:PDUbtaVrhHHnnCi/QPKknV07SmGd9X1dIksVNZXOnGwthjKKJK:bUkVrtiigKknW7SmUdI1ZXWjhuP
        MD5:AB9DACE5C381013951A6036E74BBD28D
        SHA1:39A722F6FF96E8C9C0A11629B16E51BAFCDC4B75
        SHA-256:F91E89A2B4FD70F081442D13F1E0E6541801EDCF6CCF3AFC7F0993175B0765B1
        SHA-512:70756ACF23F21D68850C46D0C7762C41B4CD99BF9D4A43467800676DF51CA9D3984BD1D7A15A97B872EED4B00FD506DD4281CDB2FB583E4867A3354B6B08A996
        Malicious:false
        Reputation:low
        Preview:PK...........<................META-INF/MANIFEST.MF....M....0.D......7.-....B.AW...1...7..zZv..3{.${4.5...).....!.I..ji..p..Fv.\...upET.D<..`...v)U..Z..(.p.\G...........E..e.pqYI.*..Te......H9...R. ../_.H.YF...o.....vDHf...x.N..a..PK..vYpM........PK...........<............#...com/easynth/lookandfeel/easynth.xml.][s.8.~...\...V..;....K...Ko.t....h....T.._..$A.7R...8=5.........e.-.V........g.z...M...fwFY}['.}.^...sb.."1.U\.q..X.m.%YU.......Y-VFl..d.....U.%AE..6.+R23~..F'...sR|.~...m.UF.o..{.....L....O^....?.E.[..*..X&Et..."...u.<1..,_..3.....j... ?.L...+._..........\.....?..^.8:...2..%)4.....s.m>.e*...,u&m8.?...`.....&eZ}v.m.8..;.p....p.M.....j3....+......3.=....I./.*).x..@.1z....\C0.l.s8q...B.Cg.:.Z...g...j<!(jb..|...7.s.oV.?(......tY$.'.x.K.....E|...."..E..J.eC22..$.&v.L...C#.......m..M/..;Z._..[Rq.k........4[...`:1Er........../`...P....F\...q....Z.....1.....rR<.+.,..}....\...B...p.6I...q....S....2-., .^.dyQ....}RV...w......ZVq...|.....

        C:\Program Files (x86)\PWMinder\app\LGoodDatePicker-11.2.1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):338734
        Entropy (8bit):7.881643301890838
        Encrypted:false
        SSDEEP:6144:aH5b6djt/DyW1Z1+SznqfVsqKhGu3MpBW6DWlWvXhgAfw:al+8WnB29PK0u3Mp86DWCeAY
        MD5:DA308F9FB736857875F1A8986813A089
        SHA1:D4FE83557D1E38CB0F1EC29B867C3A59FC0DFC1D
        SHA-256:2FA8252F3292286376A32B5494F72890EC6A2DF85E36D295960098D8DD5F8092
        SHA-512:5D7C80DF1039DF1714D16F0F4F727C8CAEFE5AFF21D1B7462C049D7EB2A16E72340FFECDFF889878DB2DD3122EF821BC63C63EE0ADC2822630D380F8271C7037
        Malicious:false
        Preview:PK..........aR................META-INF/......PK..............PK..........aR................META-INF/MANIFEST.MF...j.0.E....~@".*x.;....E.L.I<D...I..J.d.B.n..9s..O.LY.aL.|#...u..A&-.`.E.......#.|({....8.>a.H.#......$..p...Y...x}...../.E........E.3....9]....}.Zr..y.YH.V+e...\...3...C.h..}N..O..%.0.l..s.X....c...v`....x.7._PK..../-....;...PK..........aR................com/..PK..............PK..........aR................com/privatejgoodies/..PK..............PK..........aR................com/privatejgoodies/forms/..PK..............PK..........aR............!...com/privatejgoodies/forms/layout/..PK..............PK..........aR............2...com/privatejgoodies/forms/layout/BoundedSize.class.Vmo.U.~n.e..,K[[.8"..K. /.....T..Rh.M..N.Sfg.y).?.G....~3..~...H.......D.F..?@D.........;.s.s..........(.q4.cQ...z.p..'.0*a,.....*.q:.38.sQ.~...p....!..y...hQ4.Qy....$...t.S........l.*fJ.>....e.....1...fF.+Z.C..iv......J..p.n..>.......%F.....:...W.i..5g.%...1..:....n.'...

        C:\Program Files (x86)\PWMinder\app\PWMinder-3.3.1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):4140772
        Entropy (8bit):7.988310747239917
        Encrypted:false
        SSDEEP:98304:jyMa8uMQFGaGoujGNk1td7oujGNk1tQOSp2vmgb3bQ3qznkYE8w8:jWIBaUqkbdNqkbQHpFG3Uq7kD83
        MD5:3A948CAAAFB31D4F8785CB32D8A159CA
        SHA1:472D09688B73A5D980DE71CF14726BB5EBD59B81
        SHA-256:C37DA7828BD3A368284E43C151EF862726FBA446E55CAED1BB37876617B93A4C
        SHA-512:93EDA9C575E678960C81F346A3774A5114CB6AB4A2C3AAADCC3490FA5CBF80461EE21BE7ED0A5BC1D36F2F4E25453815644D163F9D050094188B74C5B7D4B778
        Malicious:false
        Preview:PK........|zqUs...............META-INF/MANIFEST.MF-...0.@.=_.F..H(.....8Tt...c.IJ._o...p...b*n...N.@...T4...H!......?......K.(...J..>..-A....+N.5?k.X.b..,.SL.+8....vi%..~. ....>.5c?PK........|zqU[-..G...........ca/ewert/pwMinder/a.class}W[s.E..f...6..l.@.+7...r.......Bd..d3$.fg..YH....w.V...(.JJ..A-_...........&N..t...;.9}.{..??..`/>..}..k.....5...j05x.^....w4...=..h.H.'*r*...V1..K*..xQ.K*^V....a.h.E.l..V....E.H...-.=Qt.)]...2a]..Qt.)=..]...b%..p..E...Y<...C.9..8.c......l<...'b(.`....8...8. ...XW.}..5.K.."J..wC:........FL{.pS...eJ?..L'5l.J^.s.=O.........iG.:.....'8.\.../u..0..z7.*...t"L.{.....z.ewiNj..D/.........2r^.cm g...=..~......c.S`>M../V)..9..!..z...V...!.d.'l.Kp.. ..Y..(T.R.<.. zp:g.<.`.k..[.6m.H)?f.'.1..3..3..Z...u..J.i.....NN.Fu..n|_.Srs.!S(..O.....QaF4..o.y..z.t\....)h..HA,g9E.x.4<kF..s....s.3.91........G.&c.3\[...J......`YW..;...=*.<.....7S.N.E..+.Zf.......I~...i.i/.X..x.bx.m8Z.H.N....YX..........+j.....5.j'..$.6v.>.[.......Y..T.

        C:\Program Files (x86)\PWMinder\app\PWMinder.cfg

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Generic INItialization configuration [JavaOptions]
        Category:dropped
        Size (bytes):1718
        Entropy (8bit):4.993727548091234
        Encrypted:false
        SSDEEP:24:1vgTSRngBjI0mm7VeNPevIqj5OgYS47iY:NgTSRngllz6egixGh
        MD5:35129E80446AE0A27B0D017C04B730F9
        SHA1:F50F14155297058CB02A540C6078C7EA14A8FE79
        SHA-256:9400A089252C669EF2F12075D7B557C445DD3C8EFE42F61D7CAB0F151A583E00
        SHA-512:6CE668FD148F5CEDFCA060EE44EE564DE3AC314AD12E7C898E8F161086333BA388CAA64489BD571DB1ACF0AB7BD2743EE1A36E7EDA114FDDD5AA00E9C04E0A20
        Malicious:false
        Preview:[Application]..app.classpath=$APPDIR\PWMinder-3.3.1.jar..app.mainclass=ca.ewert.pwMinder.MainProgram..app.classpath=$APPDIR\bcprov-ext-jdk15on-1.60.jar..app.classpath=$APPDIR\bcprov-jdk15on-1.60.jar..app.classpath=$APPDIR\commons-codec-1.15.jar..app.classpath=$APPDIR\commons-httpclient-3.1.jar..app.classpath=$APPDIR\commons-io-2.11.0.jar..app.classpath=$APPDIR\commons-lang3-3.12.0.jar..app.classpath=$APPDIR\commons-logging-1.2.jar..app.classpath=$APPDIR\custom-components-2.0.0.jar..app.classpath=$APPDIR\dropbox-core-sdk-5.4.4.jar..app.classpath=$APPDIR\EaSynthLookAndFeel.jar..app.classpath=$APPDIR\flatlaf-2.6.jar..app.classpath=$APPDIR\flatlaf-jide-oss-2.6.jar..app.classpath=$APPDIR\gson-2.9.1.jar..app.classpath=$APPDIR\httpclient-4.5.13.jar..app.classpath=$APPDIR\httpcore-4.4.15.jar..app.classpath=$APPDIR\jackson-core-2.7.9.jar..app.classpath=$APPDIR\jasypt-1.9.3.jar..app.classpath=$APPDIR\javax.activation-1.2.0.jar..app.classpath=$APPDIR\jaxen-1.1.6.jar..app.classpath=$APPDIR\jdom2-2

        C:\Program Files (x86)\PWMinder\app\bcprov-ext-jdk15on-1.60.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):4260066
        Entropy (8bit):7.857130979987582
        Encrypted:false
        SSDEEP:98304:m7blb+pRKyrEW1W3FbnZKhvpsVXT5aobW14bYmI:YbryIW1qK0FfLI
        MD5:C80A49D3E1075C44923570EAC95DE3D7
        SHA1:0FAEA4C950BBFA6E8882830F0266BC9185755D37
        SHA-256:2D927919BF4AD006174D4E9B490B795C557F8A66F62F07A18E7C4D50A48D3E51
        SHA-512:CEB045DA4EAC4FCCE1B081131BDC281404C5D2AF5B284C4E1EEDFA5F4494BA7E391B9E01554B17AA90ADBA282F5B32ADAA52DF749889DB4DA0E2AB8101272D60
        Malicious:false
        Preview:PK..........L................META-INF/MANIFEST.MF.....Y....z?#.?T..}...Nl.uA' ..(....G:..~..G?..c..q"**3...m..E0b.....~...o.7...K.d.?.a......I..>$el..........._..1._......<..........s;.........{F.m..8y....cu?.=T;...o......8...N.f.....f.j.y`...[..y.....hx..8..c;P...,r.w;N........v......;...>..w;....OI.z..8?[.o.|...=.p..n....U...w..8.ZB..MG..6.^......N.$..[k...%.~..:....(.[.U...)>.;.......I..W....~...).LH.8?....?n.[.Oe....o.aZh....xX.u..T;}...9.q~......_n\~GD.W......P_..o..yzh..8.#.?...r..z~...]..:d;...`..>~...{..z.O......_..............T.["..<q.d..'..p....r.w....px...!.....9..}...q.=...qx.P_9.......0.M.....2F;N....5._..-;..[F.-..8..~.~{...r..B.#?.l.v.t..}..u.n=.o.;.....4.0..<..b..o..O.....P..Oo ..p...DF.VU..Z....n.O.P......_CC.........6.........#B..g.....[..Si........}....w.7uQ;....'~...|..O.OL..\g.1R..7..#;.*.......a..).q.g.....4.:..y.....>Z.]........q.<{....?.....L../.y_P@w...?..W=X<.-.i.......=.....}........o.1.o.*....

        C:\Program Files (x86)\PWMinder\app\bcprov-jdk15on-1.60.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):4189874
        Entropy (8bit):7.856493048903261
        Encrypted:false
        SSDEEP:98304:/TWRD2llQfWwFd6tyhvpgB2a5a+1WhQZNmW:/m2rQfayIEgGW
        MD5:435FF931AF9ED4430D2A27456B0386B2
        SHA1:BD47AD3BD14B8E82595C7ADAA143501E60842A84
        SHA-256:7F1A0E6BADAB38666F8467A9A0EE96656B2F8EC8623867ED34F3CDC173B7EE07
        SHA-512:1C08D82349E333720C08FC467FF6489B14B8633A09019BF8BB5E6A3C426DFAE6DCC415648FE1FB4A2DA8631548F4947AB6CA1BC90B3190A05040F4D2EB271A10
        Malicious:false
        Preview:PK...........L................META-INF/MANIFEST.MF......W....7z...;t.....$1.]....A...f...$I...p.9...>............w..{kg........../..&Y.d.G...g....I...i.Eh.O.......k..............???.?en.......xY.a.(....'...yp..G..j..u...s0......._...{..`...W.8...pw..8...7...o...sl....E........8...n..=c...o......a..S...S...A;....6?.`G.?\..l.y|.....D;.SKH{.......y]...].i..Yrsk.8O_...W.z...J....X.....}G|=...<)...C:..O..#._....'.....mv..........5L..8......n_.j.o.7.4G;....y.....gD.........../~..q...6.......G.......x..J..!.q.1.vk........9....AI|..;..}-O..u.N.~....ORQ/n.|3K..y.U;.0x..?.6?.......>./.h<.....Q...<...a....{...?..wN|....c.?..~.1.q.4.S.....o.)/..2..(j.|r.a...~n.~.1.....M.......,.z...vh.Y..4.4.7<..b..o..O.....P..Oo .p...DF.VU..Z....n.O.P......_CC.........6..~.%./.G.../q.v..o;N.._...}...*....8...wo.v..x._.....8N?!.0....c..~o..mGv.]H../?...S.....+H..-i.}....2....u.n.8.......y.<{..........L../.y.P@w...?..W=X<.-.i.......=.........9L.......c._.U.&...O.

        C:\Program Files (x86)\PWMinder\app\commons-codec-1.15.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):353793
        Entropy (8bit):7.908532600005254
        Encrypted:false
        SSDEEP:6144:clDdXraL6MLAdTAR5JV4WtBTvEYc6xymTWZaJlQ1V0n34Pw2z:MrqxLA9AR5JV4Wte1mTQ2tId
        MD5:303BAF002CE6D382198090AEDD9D79A2
        SHA1:49D94806B6E3DC933DACBD8ACB0FDBAB8EBD1E5D
        SHA-256:B3E9F6D63A790109BF0D056611FBED1CF69055826DEFEB9894A71369D246ED63
        SHA-512:DA30A716770795FCE390E4DD340A8B728F220C6572383FFEF55BD5839655D5611FCC06128B2144F6CDCB36F53072A12EC80B04AFEE787665E7AD0B6E888A6787
        Malicious:false
        Preview:PK........Hy6PZ......oM......META-INF/MANIFEST.MF.\Ko.F..... |X.fF..v...[.`.XN`){5Zdk.k.9.%...I...)]...?V....aY...j.o^.I.]...Ypr}8.....U...]R..".xd.....g....(8.Tgq.W..eT$.J...tW...l..(....L.V!.N.,...!..P\....C^....I^...V.eu..Y.~b%...\./..b....K.ax..,...(....K..$..sX.<.y..I..iX..=.....2....t&..<My$o.?..}..*...$......T...up.r..$Z..q-.....k.b.f.a.a.:...s...W..X^l6......x.6./7../...^...g....n......r?.{..w...~l..'.G.%.I..3..b$....zd.......e..,^}fe%....X.....w.w..O.............;.42....y.X.Q.k."?.b3.....n.:..:...."j.in.ao..e.Z..&>.B.%..CYD.....d...(7$...j.cZp..r.M.JT}+....^.`|{.........4...]....0r....8n..!{..e;6.B3....T3.I..%%3dC..q./..[.g..@.(j.h..`_.R.=....G....)S...&..#W..N...c.$..>...L.1]!pfZ......P1..>..v.t...o..@+i.H0..f....d.;.?&EZ.e......Q.q.H.$p.wr[..O......~R.T^.3..z.^..L....w.-2........z.,eG..`...K."O`q.....1/.zW..N..C.'.c.....nl..g.?*.=.]F6......0..k"&.;.{..:...cyi.Q\.y.Z.....B..Vu.....?Sg...._.5.Z..4......6...,....A...L*.&R..SS..zL

        C:\Program Files (x86)\PWMinder\app\commons-httpclient-3.1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):305001
        Entropy (8bit):7.928644627609034
        Encrypted:false
        SSDEEP:6144:p+XL+YxIBmM8zRgi4S5XKzNFp4z7tTSB1NmV:pyisiKv7tE1MV
        MD5:8AD8C9229EF2D59AB9F59F7050E846A5
        SHA1:964CD74171F427720480EFDEC40A7C7F6E58426A
        SHA-256:DBD4953D013E10E7C1CC3701A3E6CCD8C950C892F08D804FABFAC21705930443
        SHA-512:85E79D4FDB266861910EF95BCD6E82A7F091C9BFBC63DBE2112383EA4D53A5B7A378B54E7C472FBDFDE923F30C72D9CAD626F8FABB0B9C70D1DFB095ADD73359
        Malicious:false
        Preview:PK.........X.7................META-INF/....PK.........X.7@./.....D.......META-INF/MANIFEST.MF...N.0..wK~..0.M......).K...2.%.p...}{...@......s&...E...jg.X,"J.v.l....o.x)..$.$B.W.._.h...).....,....".-K...:mp.....L.....)..A..._..0s.\];.....2.,Rr.`{...\..8.b...(]j%.W6.Mp..Yz.,..v...Ga..p....+.Uz`.........Ri...C./....M.O....c?... .<.p.F.........bZ.H_.NJ...PK........eW.7................org/PK........eW.7................org/apache/PK........eW.7................org/apache/commons/PK........eW.7................org/apache/commons/httpclient/PK........eW.7............#...org/apache/commons/httpclient/auth/PK........eW.7............%...org/apache/commons/httpclient/cookie/PK........eW.7............&...org/apache/commons/httpclient/methods/PK........eW.7............0...org/apache/commons/httpclient/methods/multipart/PK........eW.7............%...org/apache/commons/httpclient/params/PK........eW.7............'...org/apache/commons/httpclient/protocol/PK........eW.7............#...org/a

        C:\Program Files (x86)\PWMinder\app\commons-io-2.11.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):327135
        Entropy (8bit):7.923604489259355
        Encrypted:false
        SSDEEP:6144:UrBoCnU0+1j/OjXrf50ynaZ13lybiOmQ+CEEArHs2M1mX2TKYGGh82ajQe+yw:2oCnU0+hnZLOm7CH4Hs5mXmKYGer3
        MD5:3B4B7CCFAECEEAC240B804839EE1A1CA
        SHA1:A2503F302B11EBDE7EBC3DF41DAEBE0E4EEA3689
        SHA-256:961B2F6D87DBACC5D54ABF45AB7A6E2495F89B75598962D8C723CEA9BC210908
        SHA-512:5BD78EED456EDE30119319C5BED8E3E4C443B6FD7BDB3A7A5686647BD83094D0C3E2832A7575CFB60E4EF25F08106B93476939D3ADCFECF5533CC030B3039E10
        Malicious:false
        Preview:PK........Hy6Pk.a)............META-INF/MANIFEST.MF.U.n.@.}...X.P%.^c.i....%...(./..VY.{.I..c..-...l.9s9..H>g....6\...p...i&X.%....[.:..#t.PO......|...D...3T....S..A..3M....X9..[0..{..f..X.H..^x..`...,...UiF4.......,.h".\...Kb"..:.D......*..`.....I..*...H..2u.UU.S&....f.....j...P..&..z.......&..L..d..5..hP....h.1..n.e..^.'jnWD3.. |..Ld....P68....._.......Ju...m...B./.m.6E.t,.*c:..V.u..H*\..f...2...w.`..... D.@w{...*..09;.E..3..d...I.rCo5......*...f~*..t....k...k....Y1.0.f.1c..dw.../.k[....I.........e...J...e....q.[..8..[.'CS.....r?}.n7.4"........B..,..g.|.g...SN.68..........=.../%w;..y.c9Is=...y..e.l...8...<O.x.5. .!.x..p.....'.s.l\j.n..D.?.N......~*w...w.....I.....?.m.....$....F.IT..g..\./..n..PK........Hy6P................META-INF/PK........Hy6P................org/PK........Hy6P................org/apache/PK........Hy6P................org/apache/commons/PK........Hy6P................org/apache/commons/io/PK........Hy6P............!...o

        C:\Program Files (x86)\PWMinder\app\commons-lang3-3.12.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):587402
        Entropy (8bit):7.928552551034422
        Encrypted:false
        SSDEEP:12288:+ckjxCcwZ/O05RmbNxmLhmckii9z2B19dCk:ACcEOqENQEvUBlF
        MD5:19FE50567358922BDAD277959EA69545
        SHA1:C6842C86792FF03B9F1D1FE2AAB8DC23AA6C6F0E
        SHA-256:D919D904486C037F8D193412DA0C92E22A9FA24230B9D67A57855C5C31C7E94E
        SHA-512:FBDBC0943CB3498B0148E86A39B773F97C8E6013740F72DBC727FAEABEA402073E2CC8C4D68198E5FC6B08A13B7700236292E99D4785F2C9989F2E5FAC11FD81
        Malicious:false
        Preview:PK........Hy6P9..............META-INF/MANIFEST.MF.UMo.0..G...8......T.Z.JT.V..q&.......$@..m.F.yo....*y..z.@..d.4.....D@..R...[.-r.P6..Qq..!}*..s..P.....<.9..*..O_.....#.S.Z..].&...c..Hib.....vF-......A.@....8h..lU%...........XE&@.".X*C.CBMv......%7.$....]jU...7Pa..4F.JO}....ZW.h...9.i0rfmbZ..b..".\..{S..:....~.K[..V.Da.w.v.St..7..y....8.^.P........Td..e..3.aX...>5.E#.B....E.:....7..*...).........>...*,.h....x..Z.?VTO2...=.Q.fX.;..z.......5....Z\o....P.>]....\...r'..c........t.]9.q.9kg.>........y.u.J......8.hu...A.qu...I.......~k.....zn*.r$J....S...!|.r...v.<G..+A5.. .g .R....C.]./.{5'..9.....A..w1...,J%;.. O...uJ...........H...........'.f.y...mai}..4...(!..X....R8..i".!.Z/...........z.N...o\...Y...U.6.8.d.B.D:.r..].u..PK........Hy6P................META-INF/PK........Hy6P................org/PK........Hy6P................org/apache/PK........Hy6P................org/apache/commons/PK........Hy6P................org/apache/commons/lang3/PK........Hy6P.

        C:\Program Files (x86)\PWMinder\app\commons-logging-1.2.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=store
        Category:dropped
        Size (bytes):61829
        Entropy (8bit):7.924448014410102
        Encrypted:false
        SSDEEP:1536:TWvDr5xeO4G9Q7+VCfSqguGukQYvFABhbHoneHz:6BxeO4CQSoRglukQTrjoeHz
        MD5:040B4B4D8EAC886F6B4A2A3BD2F31B00
        SHA1:4BFC12ADFE4842BF07B657F0369C4CB522955686
        SHA-256:DADDEA1EA0BE0F56978AB3006B8AC92834AFEEFBD9B7E4E6316FCA57DF0FA636
        SHA-512:ED00DBFABD9AE00EFA26DD400983601D076FE36408B7D6520084B447E5D1FA527CE65BD6AFDCB58506C3A808323D28E88F26CB99C6F5DB9FF64F6525ECDFA557
        Malicious:false
        Preview:PK........|..D................META-INF/PK........{..D' F.............META-INF/MANIFEST.MF.T.o.@..N........A..Zk.[.M..K....[.].,b.....m{...2...}.#"...?S.2)|.X.i..T.?.`I".#.".$$XP+.q,Ejq.ELD.......^.i..\...........M4|.S.9..,9PoS..7..q.1.....0....GW"...-.v:...c.u].....P*.M...0.s..E..DX.}...9..$4`s.|S..9.C.P.B.B..o..<.....|.N..A.?.../..k..O..W.Yc...XL.........j|w}_...I{..w.....*y.Y_..(.4,.......h.F.<....T@..:..x...e.?..Y.....<_.hHR=.!.O.......3..95nT..._..i.X...O......L ..DS...2/B./..s.e...<^..K..H..U-...r..B..U....T.8.j!2..4.lk....%....\1.Ks...Y...R..T.....V..i.8:W4.<+...0.hE.....p).....R-K.R...*....x.......7..*./....S...G.Mu[..=.p...x.R....>....x0.i......^..]...2.z..?n]s#...4..$.k...v0..93w..s.)..>...s.W....lw..w..*z.O...*X0.....:K.6`....PK........z..D................org/PK........z..D................org/apache/PK........z..D................org/apache/commons/PK........z..D................org/apache/commons/logging/PK........z..D............ ...o

        C:\Program Files (x86)\PWMinder\app\custom-components-2.0.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):23470
        Entropy (8bit):7.6030979267967815
        Encrypted:false
        SSDEEP:384:f0fevVzwTXkj5r1fM8712YVIayjbMGS40lTogup6i7O8rpIJ+iV7hYnD:aKVBpei2YV5XlcbpEg2sIhcD
        MD5:84F46F40503F335D3953F87387EC8162
        SHA1:001B49ED5DE13C651C8DCD3CC8AF3DB17AF6E863
        SHA-256:0B22A5A3A9E8F54BA71A59DF04E162C976BFF084E40400AB4BBFD51437255B6E
        SHA-512:B7D943959500F28E001BECE65E9E202609B0D24D57E0AD9235031707165EB2D04799119BCD23891242014274CCE2F0516C052E88FFC8469A3BF91FF4946C4744
        Malicious:false
        Preview:PK........xo.T................META-INF/..PK........xo.T.1.!............META-INF/MANIFEST.MFe.O..0.G.~...MH.]............4S...^......L.?...C.l...B...w.<.4H#.-:...F.......E.y....m..GVC........$..`|G_R)..\Uu1.e..(UE.$.....u_.i...(..]{.x.....-/.c.sB.i...O6....8.<..PK.........^.T................ca/..PK.........^.T................ca/ewert/..PK.........^.T................ca/ewert/customComponents/..PK.........^.T............"...ca/ewert/customComponents/buttons/..PK.........^.TW.mK........5...ca/ewert/customComponents/buttons/ButtonFactory.class..[S.U....,.0...1...m..#A@4Y.!...A..d.&.Ivg..Y.T......--.}./@...X.Z.|.....%......nf.5TN.....}..._.8....0..i........0/....X.qN..e..rI...d.......\.qQ.Wd...k2^Wp..#..tbM.3.}=.S..[<.ziv.....k.......-;>&.>...W...=..q....U=.+..1g...9.6...53...%L..1.....:...W....s...7.....$cN2...f....2.v...:.[.h0..g}.....q...z..Z..W...3.m=I.:.q..Vj..J.....me../..q}^O.*..)......a&.aU.h..I8.3..3v....S7-7.R.].F.jf..[.y.i.N^!.NI.

        C:\Program Files (x86)\PWMinder\app\dropbox-core-sdk-5.4.4.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):8027912
        Entropy (8bit):7.922213819507639
        Encrypted:false
        SSDEEP:98304:i6cvpRcVL+kozLUQKzyA2BZB0aoCLCa8kOGbmZ1MMrT2MCKirjp:PUpRq6wdy5BZuBE8kL49rqdJrV
        MD5:245C7EF06C51700DA9C46B9974B2A2EF
        SHA1:9BEA02CD9388B3B3E084CD9A919A8937ABFA02EB
        SHA-256:BE5D859649F08C58E0D8B724A5BCEBF561C343ADF01D5227BFD1493B7D599E7B
        SHA-512:EA9716EB105A07B738F6B8DC4890F3FA14E15EC4EA1FEFF327305E93F8EC38FE1AAF745F0F1FCBC99DE45F7CEE2F5E92DF0FB210A8783069616F2F15B6E2757B
        Malicious:false
        Preview:PK.........uQU................META-INF/..PK.........uQU..\8............META-INF/MANIFEST.MF.YKo.8......zX.@.&i..M..v0.....v0.9.....%.%....%....l.{j*R.)..H..K.Yh3..b.+..,.|<.K.6....Z.....Xp#...#..3[.&...J...Q.....^z.b<..T......-.q9_.....r>......k.../...Z..O....W....H.f....|'..O.l...I.1O.bs..=.a...l.h..gM..h.^...M.{.J.W.QR.....R.&...'.$x<.....A...A.a..3.C.oa.^q..).......">...9....Ri\...Y%'3.E........R......U. 1a).H9..h...Tj..2./.?...V~.f@J...R.":...z...O...E[..xi.z.D9,.Zf..R.@.....%..Y....x.....E.H.S...3..[cZ..l.....P.C......K'.ho.J...]..WBG.....i....Z.g......E.."......HDY..s..s...)M+.u.. ..: Y.1..k$K.S.D.D.....i.)..I.p.....r......El|.N..K,~&....0?.<.n...=(R.AlA.......}.#7..C+!@/........R..HC|.....4..N\(...#..->T.Z. YD..V.r.4D...H....Jv..........X..........y.H.Nq.C.^.V6.h*<....M.F...g..0._N.z....Y.P........4.{.TL...>...[M+.~....n......-..F....h....Q...ho....h..F.Bj..d_.&DaW.....]...2.......t.P....w.<.+O\FVE;,....!.3?`....$k)8$.Xr...5G..].......lucV..W.}

        C:\Program Files (x86)\PWMinder\app\flatlaf-2.6.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):730429
        Entropy (8bit):7.958886340283549
        Encrypted:false
        SSDEEP:12288:TRcW2DgPL8+td5yiDq3rvnk5O7GdZvjzwrEvIDIH/8L:Tr2DYLx5gHGXjeIH/G
        MD5:8C4F71BF62708FA7881B82C62579824F
        SHA1:4DD2BA228E3C57EB3D80E3927B5A6A33265EB69B
        SHA-256:6A897CAC19C4F48B22884A21A7DDCBFA47C7FDA266DBA69804A6F847AB9E97C8
        SHA-512:C1F91EE24F93F86C2F4BCECDD200FE8C3CA00E8C79FE28A027F75F5C8B8425AB182E044C717FA1482542C21C1A98EA5B37F5FF9CDD97BB76D26591CA6D0159CB
        Malicious:false
        Preview:PK.........JRU.._.............com/formdev/flatlaf/FlatIntelliJLaf.properties.V.o.8.~._1..R+A.=...T..[v+8...}4.$..s.C...7..J(../....o....g.p...Yn.zt.+.+]Lq.+..i.?...sr|.1J..T2A.6G..,.....P..$\G#.p.......v....@*..A...R...%.............6.a... ~6.jc.y3./.......{rk...y....P.G3|........+?.@c@.?...f..$>1..K.jP.X..lV9........P.n...v.j.Q..$.....`...d......4_.].X....q.X.g+X>..r1.......a.....i....0.Rj.Hr'#&N..b.@..!Sb.S.S^2.X...-jI.@.........P./.e.y...9....%.O.XB..x.{...Ka.-.......].0K.-..b...sm...%..... ".Y[.....T.<.y.S.W..........iz.]Hp.Q..S..,..ZQ........].U=.j.W....CO`.\.n`.U<.-.4uz."mbE..}..F..j..4.k....k[s..`..U.i.x`..k.H+.6.../^?.Z...K|.Kc.%.0G.P.Oi....9E.r.....l&...:T.6.P.......e,.l..}..Y(}.U..n>....(*...f.w.s.P.<.}?.....i.Qg..F.....h...L.#......P....y... ni.)..=.e...`..].,.]I. ..FT.M~y.{0.SG...t.[..E......(.o.G./.&$m0.r..r.lRY...SV..3.H....'.e.-............... .-.J..C..D.C...._....U7A..{....M2....../^..4M....N6...>.E.......S.."w.w...>......1

        C:\Program Files (x86)\PWMinder\app\flatlaf-jide-oss-2.6.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):40748
        Entropy (8bit):7.92952400321866
        Encrypted:false
        SSDEEP:768:EOgK1MOQ/dapT4UyoUsb5J5/zdf+1MJrEVYXOt/x33BncIkkGDw:kKM0pT4SUsb5JpzVDJrEX3RncISw
        MD5:342238D042F12709E30FC25D7EEF48A0
        SHA1:6F4D2197B9105A1917C2E0EB72E3EEA19FE90699
        SHA-256:711080466C977302AB3D9523F933CD25B753EA9547CFF114C88D0BEDFA6F8E4D
        SHA-512:6714E40762128A512F03810CBCE666A1DB792472DCF8FADB115BDFF5D55AE0BB76E984F8EC425476348E82007FC2B2A9B13A38A96C633D62A28D6C648ADE1311
        Malicious:false
        Preview:PK........7JRU................META-INF/..PK........7JRU. ).............META-INF/MANIFEST.MF.M..LK-...K-*...R0.3....-.I.M.+I,...%.R....r]R.....J...R..s.<0T;..T.e.g.X)......F....F.FF.....RPp..Q..(V(J-N-*KM.....c...x.x..PK........6JRU................com/..PK........6JRU................com/formdev/..PK........6JRU................com/formdev/flatlaf/..PK........6JRU................com/formdev/flatlaf/jideoss/..PK........6JRU................com/formdev/flatlaf/jideoss/ui/..PK........6JRU........B...8...com/formdev/flatlaf/jideoss/ui/FlatJidePopupMenuUI.class.R]O.A.=C.v..".Z.T..(....45&..d5$....v.....,...O5....Q.;....{.~.s.._....Z..K...R.....x.W.}....>g.ll.0TwL_2.J....P.o.aL...D">..rq....*c..#3.......bac1../M..\...v).3I...:..u..(........X....>*}.ww.01Zj..<WH..X...../4..I[.2..".i:..y..B.z../.?`.aD.m.>1.oL.F......Y...i.....&..gx.......3<..Y".t3..FG.....ch....2...._T:.".....:SFc.........)........3.f.......d....W..q.s%.)u.Z..f...n..." .Bw..M..0O...K.=T.............*..I

        C:\Program Files (x86)\PWMinder\app\gson-2.9.1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=store
        Category:dropped
        Size (bytes):265030
        Entropy (8bit):7.88140539884304
        Encrypted:false
        SSDEEP:6144:AsmEEHDY54UOu/ciFk0H4FCBEWLhFaDt8b2:TqH85Ou/cQkS4s++X8p
        MD5:0D507D266DCF7EEA4B53FC3778D901C9
        SHA1:02CC2131B98EBFB04E2B2C7DFB84431F4045096B
        SHA-256:378534E339E6E6D50B1736FB3ABB76F1C15D1BE3F4C13CEC6D536412E23DA603
        SHA-512:10BF91C79AB151B684834E3CA8BA7D7E19742A3EEB580BDE690FBA433F9FFFE3ABBD79ED3FE3F97986C3A2BADC4D14E28835A8EF89167B4B9CC6014242338769
        Malicious:false
        Preview:PK........Is.T................META-INF/PK........Is.T................META-INF/MANIFEST.MFUT...z..b.TQo.0.~.....a..8$h0.".ehj.]U....H.:vf;....@.].Y..}w..WT.-...6\....u....,..#...b.w...zo,.f.]IF..sYq....c......,XRcW*.[......0.LF.hZ..L@0W.Rf/.L.1..`mi.0.}.6..".....Q.....i^..h...n<.7....M..w..X....4.x.EI...1..3..c..y....m.D.<.m...W...x.E.E..;..A.N.3....6:..~U\C.x.V.m..k%..6..b..L.....x=_%^...7....SR.....aE.c..&o.....?.`.B....0....K.:..y......D..$:......R.j!.iy....AfJ.....[.~bU...GPgp..s...n){.....g.....h....t86{0...S..].)..^./)....Z/s.L...2.K.o....<].8..T.......%.j...7.E^.>.i0.k.p.-~.....\X.[.C...{..p..}..R"..OcLF$".0....$.Ec.YU.r<...>L.+p....PK....J.......PK........Gs.T................com/PK........Gs.T................com/google/PK........Gs.T................com/google/gson/PK........Gs.T................com/google/gson/stream/PK........Gs.T................com/google/gson/reflect/PK........Gs.T................com/google/gson/internal/PK........Gs.T...

        C:\Program Files (x86)\PWMinder\app\httpclient-4.5.13.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):780321
        Entropy (8bit):7.923180926731671
        Encrypted:false
        SSDEEP:12288:NmjM46szuytdXV3UaftwJEAV4+bcYroWxk11cg+p9OB3p:NUM4hHdF37VdA6qrookUBEp
        MD5:40D6B9075FBD28FA10292A45A0DB9457
        SHA1:E5F6CAE5CA7ECAAC1EC2827A9E2D65AE2869CADA
        SHA-256:6FE9026A566C6A5001608CF3FC32196641F6C1E5E1986D1037CCDBD5F31EF743
        SHA-512:3567739186E551F84CAD3E4B6B270C5B8B19ABA297675A96BCDFF3663FF7D20D188611D21F675FE5FF1BFD7D8CA31362070910D7B92AB1B699872A120AA6F089
        Malicious:false
        Preview:PK.........CQ...#............META-INF/MANIFEST.MF...N. ...I..n...-1.mK.f..nzj.|]..i(.x...f..x..B8]B....F{.I.f..lm...".Mz...'.Z...6.zct:.h.FoSH....}.6%}82.Y.....Th..|q...-Y>.h.j...+.3p.h_...c.).89$..l...)....:...[.U&4.x.S7l...g....T.6........l..:u.q.f.w.|...\...'N:X.e...H......7PK.....#........PK.........CQ................META-INF/PK.........cCQ................org/PK.........cCQ................org/apache/PK.........cCQ................org/apache/http/PK.........CQ................org/apache/http/client/PK.........CQ................org/apache/http/client/utils/PK.........CQ................org/apache/http/client/entity/PK.........CQ................org/apache/http/client/params/PK.........CQ................org/apache/http/client/config/PK.........CQ............ ...org/apache/http/client/protocol/PK.........CQ................org/apache/http/client/methods/PK.........CQ................org/apache/http/cookie/PK.........CQ................org/apache/http/cookie/params/PK

        C:\Program Files (x86)\PWMinder\app\httpcore-4.4.15.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):328324
        Entropy (8bit):7.885864221238314
        Encrypted:false
        SSDEEP:6144:hgzgAHvaOAVKF/dB+bzfYMX/gmAjBBSF0Eo5FzepwR26cV3/5jtg:h87v5zFqbzQu/PA9Bc0EojepwR26Qm
        MD5:BE7C67929DF007FCAC6C8EFF5322D3A0
        SHA1:7F2E0C573EAA7A74BAC2E89B359E1F73D92A0A1D
        SHA-256:3CBAED088C499A10F96DDE58F39DC0E7985171ABD88138CA1655A872011BB142
        SHA-512:F0605E4D521C6E9C7E645905687C519239FA9E2128403A515E6118B0406B503B0865A8EAD197F8532186B0C9AAA4189FF5BB301D5B0CF84BD54FA2258D17551D
        Malicious:false
        Preview:PK........%L.S...JM...........META-INF/MANIFEST.MF.R.O.0../....7..0...#(...7S....K.i.....Aph.......{.Q..P.....J&($..MDY..i..E.....S..(../......T5..6J...g*...s*l....;,.-.....km....I......0x.n...|oQ..k..p.*.....Z..y....e..}....$=....c.Z..ry.n7g.....53vyqF.0.{.'.lp;.%...<..u[;?at3..:........K..\y^.......(.a......&v.(>..9.Z.Z38..k....J..3......?...i...1...8:q.p.......&...PK.....JM.......PK........%L.S................META-INF/PK.........K.S................org/PK.........K.S................org/apache/PK........"L.S................org/apache/http/PK........"L.S................org/apache/http/util/PK........"L.S................org/apache/http/ssl/PK........"L.S................org/apache/http/entity/PK........"L.S................org/apache/http/params/PK........"L.S................org/apache/http/config/PK........"L.S................org/apache/http/impl/PK........"L.S................org/apache/http/impl/entity/PK........"L.S................org/apache/http/impl/bootstrap/PK........"

        C:\Program Files (x86)\PWMinder\app\jackson-core-2.7.9.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):253357
        Entropy (8bit):7.950280807436457
        Encrypted:false
        SSDEEP:6144:7NeFdocRIuHkb6iPZhTAJ9Jv7ralhkOpQt:IMQw6iQV7rnP
        MD5:F5D0DFE03814113D792E75E885699640
        SHA1:09B530CEC4FD2EB841AB8E79F19FC7CF0EC487B2
        SHA-256:BD90721420BB899A974ED09A107FEF42CA8CC7C8E055762F6C81576132E5BBC5
        SHA-512:09A6506F93E64D31852524B2A18078D580E2936565311B4BCC44696F1FC76CD1B652B57D287253A87577987ED745CF45A5A5D09A59734D0ABF1028DB0173EFDE
        Malicious:false
        Preview:PK........KZDJ................META-INF/MANIFEST.MF.....TMs.0..3...p.i$l.1.!.:....4.[G..(.-W....]cB1qh.d...>.].|...L*.B...(..C........g.....j..1jm..........".V'=..qo!Mu...]...S..>....M.7%BD.JK.$.u..Tq....S...<...l.....g..!1.........ZG.T<...8".|..L.L...v..9....K...n..F.Y3".W....G..t>.Ub...'..h...)4.......R@...2.. s...(.$.........:].,......}...^<.n.&t.B....=.6.w.......*.n....D.>...e.C/.A..W09L..2.?I....@.<....z...d....... S.C..5O.......+..#..$.`.f..Ul...e....@Zp.....L. ."..6S9...?..1....e...5..P.'.u..z....g.........yw...#...s..0...% .t!.o.dmVI.V..]7..a4.V....".x..D,.....dq6.C.*=..B..PK..B...<.......PK........KZDJ................META-INF/..PK..............PK........DZDJ................META-INF/LICENSEM.1o.1.......$..:.U.C...u..K|w..D..S.}.........9.B...r.;.G..v.....@.Y@M...((J...H.T.O.()E.R$.....#....(.......$.5..?.rQ........F..H.|R..O..k..&.z.....0.[....s.. 4..k.Z./h.s..z...g..]uO../x.G.87..M.........Z......n.*...PK..........L...PK........DZ

        C:\Program Files (x86)\PWMinder\app\jasypt-1.9.3.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=store
        Category:dropped
        Size (bytes):142255
        Entropy (8bit):7.839312023506353
        Encrypted:false
        SSDEEP:3072:WQwW8A0DsuACgLNZEkUn3artlyOvgfWhZvxxtEe:WhYLNykQKXofWhhtV
        MD5:39327C7E38782102ECDB3C9DC4E8DCD3
        SHA1:0D99EF9540F51C617F2A293B460F025D2EE563DD
        SHA-256:F481FBB8DD8CE754BFDE7552AF4FCBE8C5E303D53663BB3D8CE9D4338E0E55AA
        SHA-512:99369DA44E4C26F64E600F99B135EB05167AE1EBB5BB9F22233F14023F5416318BB4CA5893DBB0E7D444395EA6FA53713559A6990120B4FC962A1E9284BA5821
        Malicious:false
        Preview:PK........I..N................META-INF/PK........H..Ni|.by...........META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r,J..,K-B...V..+.$x..J3sJt.*...J...K.R....J.sSy...R.KRS..........e.y..zfz...).^). .-.......\.PK...........N................org/PK...........N................org/jasypt/PK...........N................org/jasypt/encryption/PK...........N................org/jasypt/encryption/pbe/PK...........N............!...org/jasypt/encryption/pbe/config/PK...........N................org/jasypt/util/PK...........N................org/jasypt/util/password/PK...........N............!...org/jasypt/util/password/rfc2307/PK...........N................org/jasypt/util/digest/PK...........N................org/jasypt/util/numeric/PK...........N................org/jasypt/util/binary/PK...........N................org/jasypt/util/text/PK...........N................org/jasypt/normalization/PK...........N................org/jasypt/commons/PK...........N................org/jasypt/web/PK...........N......

        C:\Program Files (x86)\PWMinder\app\javax.activation-1.2.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=store
        Category:dropped
        Size (bytes):78030
        Entropy (8bit):7.917287230623689
        Encrypted:false
        SSDEEP:1536:k3VFP1b/A4TumsCfqU4MfdLzvi2qSfJ7CBqYkqG7tk7X:k3VFB44TkChvbqAJ+BqRqGBi
        MD5:BE7C430DF50B330CFFC4848A3ABEDBFB
        SHA1:BF744C1E2776ED1DE3C55C8DAC1057EC331EF744
        SHA-256:993302B16CD7056F21E779CC577D175A810BB4900EF73CD8FBF2B50F928BA9CE
        SHA-512:B4CBDD8FD1703E4B2E1E691DB78FBCF2232D836F740D1821C4C191A14F9472508E27A40D06E4B6B153964AF68032959C22945BA169A0CA4018B7748162F420A6
        Malicious:false
        Preview:PK..........&K................META-INF/PK..........&K..LO............META-INF/MANIFEST.MF.T]s.0.|.......S.6..:.. t&.H2..#d.Td..d0.>g....W.iowo.3".;3.{c.p%#...u&.Vi...!+.._dG2L..;b...5.D....lRyR......3.q.t.+p.;!.v>...8.C.o..I.@......0...H.v..d+X.=.z.nE.&...\Xot..Y.).O..D.F2.....^....X...hB.P..V%P..L.`.3I.i.a.0.c..R.....wN....h.4W..5.V..A{.7....%c.1.I..kk.&.....t.a...c...K..~B.e.>.'......V..C.T..B`.N...d.8.jjW...R....i..%...2..$..kF,....q..?.n...,4V.N....>..p.$..87..S...{.7'.'0MQy..`5...1.@..n.7_{./.<r.Yy...nUz`.j.....R~....... ..G...k4.5wE.|....X..{.....\y..h...q......i.CM....h..e).U.\.u>.PK.........r&K................javax/PK.........r&K................javax/activation/PK.........r&K................com/PK.........r&K................com/sun/PK.........r&K................com/sun/activation/PK.........r&K................com/sun/activation/viewers/PK.........r&K................com/sun/activation/registries/PK.........r&K........Y...%...javax/activation/FileDataSour

        C:\Program Files (x86)\PWMinder\app\jaxen-1.1.6.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):231882
        Entropy (8bit):7.823455495820713
        Encrypted:false
        SSDEEP:6144:zoy/QchIyZukCzO/r+ASaZ0gJ+tbEZx+m:vDhIyDEOT+U0Fk
        MD5:A140517286B56EEA981E188DCC3A13F6
        SHA1:3F8C36D9A0578E8E98F030C662B69888B1430AC0
        SHA-256:5AC9C74BBB3964B34A886BA6B1B6C0B0DC3EBEEBC1DC4A44942A76634490B3EB
        SHA-512:6BD11529D6DFCB27DDD485C8DA2440D3686CB61693A9461833A2BED49407343DF4BA707F45164A6E69B78979581D91FBF0F6C5EAB28653DCFA724AFC89529778
        Malicious:false
        Preview:PK.........=-B................META-INF/MANIFEST.MF.....VM..0..#.?X....lQ.....B.v.[e.C.:v.;l..w........yo.<.!.....(&...x...D0Z..72`{F.0...b:....^. e<.=..&..O...Q...=DyH.i,".t..*?a....HF.b....v.]..x"....Qq`..:X.............I..L..f.|*..@G..m.....Wq.....O...../'.l?.........L<.X.Z....*g.P.i...KL....9AK.<.......e.L.hK.Wr.9(..u.Dk..e...V.......I.......q..H.4!.).!..g.<....y.C..Z.;.h+.....%...+0\.S?M&.s.H.W[.....6..1....+...L.v.C..r.......w..>.\9.!..0..0}..}*|.Xq..n..S.......V.7fW.@.V.-.b.?..MH.....rV..2......#.j.t.~../.n.kWw9.k.v.x.~.......u.[..,.p..u..|..-w..&vGI......gS]_).W...97..Lv.K..z.sy};.....{ty.[.]&TI..+......'....Aw.}-Z.3.3(.|.......~.....S.K'.....{..K.....c..PK...1ak........PK.........=-B................META-INF/..PK..............PK........b..8................META-INF/LICENSE.txt.TOs.6...S...C7...n;mz...u..JrXzs.X.b..E...}....D.=....7W.|d.=.,..........Op7..x=.....w......~...a.8....2{|q.....C;....v......_&@....o....t;I .....3.'ol.M..i.`z...mu.y4}.^`g

        C:\Program Files (x86)\PWMinder\app\jdom2-2.0.6.1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):327806
        Entropy (8bit):7.9384244790428315
        Encrypted:false
        SSDEEP:6144:/PPwchREeQkgo4zu/6i8q58PPZh5oAYnjXfuPDZeISX3UG:/P4OZQkAy/M1ZiCL6F
        MD5:5BE72710C66F3C9BA71F8009E92597D1
        SHA1:DC15DFF8F701B227EE523EEB7A17F77C10EAFE2F
        SHA-256:0B20F45E3A0FD8F0D12CDC5316B06776E902B1365DB00118876F9175C60F302C
        SHA-512:81642DB76358FBF131DFE9C2F1D9C280FC23B6BFDE6A16A2D36DACC490A1A2AF4E0FB4ABB5CD78005718BB1D158A42FD6834CD2BFE616EC59625DF01951F2478
        Malicious:false
        Preview:PK.........p.S................META-INF/....PK.........p.S5..!@...Z.......META-INF/MANIFEST.MF..AO.0...$......%Y].!.dM..7fo.Bqk.m....R..Y...y..^s.YM../Ti&x.0.. ..%..<P`5;.A.*.2E...........1|.1.(.)..2..P..K...........IK. .;..D..A....I.0x..d5+]..1.X..]...!ZS=...c....)..J@...0...-...I..a...q.c..6._.x..{....q.E.m....s.91r}<p....^8...FC!.."...E.t0..?u._..nZ..w._.C!..F..k..E....F..0v.p..$.x...u.Bwu....PK........@.hS................org/PK........B.hS................org/jdom2/PK........A.hS{..?.....'......org/jdom2/Attribute.class.9.xT....N&7..H....!.$.PP..!.....@..r3.I.'3q.......W..Z./..(..$......Gw...lk....u[.u.......;7...........y.....[.~.%.X..z........T....x._/...?3....< .J....!7!c...Qe.b...^(.B/jX.b..K.0.Ky....}.....8....X..N.,.*x..s<8..L8.._..^X.....{p!.8..<x....%.D.*Vh)..x1..*....^X....Wz../...xX....p....9.\....}......b..<...n..y....F..{.........Y..Tl.B;^...1...k.b+..j.y.b.l..;q..[...>.B...y..........a.{F..a.C!.z.2..c........d.J."..2.e(...CW1.

        C:\Program Files (x86)\PWMinder\app\jgoodies-common-1.8.1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):37807
        Entropy (8bit):7.758178243971047
        Encrypted:false
        SSDEEP:768:p3NBXFU4rm5fkbJvenfzm+R6h9i4Y+hsfqRzQmBq0v:pvX+4u4vIRRQj/RH
        MD5:7E6BC1CD169E4F78D9529AF34A876F00
        SHA1:DFFC159CF71BDE5DCBB65916305684F6B43D45B1
        SHA-256:DDCA10C16E1DC7A1B399C14580F0AAE23014851E57D224CB96C260E6D649D2AD
        SHA-512:C51F07B79CF11CA34E5B5140BCED5AC6F50A923C85C875D31AE576C7FB2D64FD7A845609CBA20E87016F15803AC841C8A24DE433F59E200C11DB5149DC3936C8
        Malicious:false
        Preview:PK.........x#F................META-INF/....PK.........x#Fx...............META-INF/MANIFEST.MF.....0.E....,u..T..]u..QP.Jl..h..F.7..U..s.3..F..x.G.(kR...$3oIV.....0.E1%...c...;?..a....Cg.d^!L....>.]J.gU......h(...R....0....Ba.t...l3.....).{.........8k......u].F......5..We$ ."a\0.....(M.3)..PK........|w#F................com/PK........|w#F................com/jgoodies/PK........|w#F................com/jgoodies/common/PK........|w#F................com/jgoodies/common/base/PK........|w#F................com/jgoodies/common/bean/PK........|w#F................com/jgoodies/common/collect/PK........|w#F................com/jgoodies/common/display/PK........|w#F................com/jgoodies/common/format/PK........|w#F................com/jgoodies/common/internal/PK........|w#F................com/jgoodies/common/swing/PK........|w#Fk?..........&...com/jgoodies/common/base/Objects.class.T[W.W..N2.a..U..j[.....@.J.V4.kRl.i...`2.N&....?../>..Y.....k..|qu.. .`.V....}=.....0.M...V....U$5(X..m.,

        C:\Program Files (x86)\PWMinder\app\jgoodies-looks-2.7.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):400791
        Entropy (8bit):7.888494042694628
        Encrypted:false
        SSDEEP:6144:I7CVxez0YiDb318jWT3+0Yv2TN10Rq38i0D2vA5rOi5N:IOVxezibllbWv2TtMHyvtON
        MD5:F6F746EE51C49A2D91E30BDFC8043443
        SHA1:7679705B2D036267407138983611A4DD3EC9B72C
        SHA-256:D7DFB4D041C28EAE836AA0910C91C1B95B29C28E833200D2EF6D311FA66B4C6D
        SHA-512:FBDA0C1CC3D6895F98FA6DEA00E67020D88BD411D9C2B9F5118AFF85A1F666ED5E885E28D322AEC19A87E53BB0FF9C541E2EDB741C0C1C06C1421056D8C65964
        Malicious:false
        Preview:PK........Ox#F................META-INF/....PK........Nx#F.M.............META-INF/MANIFEST.MF...j.@......s.....Vin1..m..x-k2.K....".}S.....?..?3o...C.;....@%....$yo.O.!.....h".b~..g...i.W....M."..{.&............":.6=V.....[.[.`U......}...K...k;t5..oCM<..Pv.....)g.o.C...`D.W8...@K.$..2..fRg*.oPK........Hx#F................com/PK........Hx#F................com/jgoodies/PK........Ix#F................com/jgoodies/looks/PK........Jx#F................com/jgoodies/looks/common/PK........Jx#F................com/jgoodies/looks/plastic/PK........Jx#F............!...com/jgoodies/looks/plastic/icons/PK........Jx#F............'...com/jgoodies/looks/plastic/icons/32x32/PK........Jx#F............'...com/jgoodies/looks/plastic/icons/48x48/PK........Ix#F............!...com/jgoodies/looks/plastic/theme/PK........Jx#F................com/jgoodies/looks/windows/PK........Jx#F............!...com/jgoodies/looks/windows/icons/PK........Jx#F............$...com/jgoodies/looks/windows/icons/xp/PK.......

        C:\Program Files (x86)\PWMinder\app\jide-oss-3.7.12.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):2126936
        Entropy (8bit):7.942775062184331
        Encrypted:false
        SSDEEP:49152:vPPLfCqIaHCBtqICLynX7xZmVecggpwFR9:vhMzqVWntZmVfggpSR9
        MD5:DF5B14FC6E71FD1D925DAB22AA720E61
        SHA1:D2909BECA24844D0E073226C8C9732C5F39A2B5F
        SHA-256:C22DA104E865657FEE24A8EF739A4827545C73132DCF3D584E9551D80DFBD82F
        SHA-512:238842E899714A217E60E5088F09BA218E23D214A4FA36B16958E901730F1B0F3E8F81166D88C686062D73050DD7ED4AC017D9B1B20A0B8F38AD963E00356820
        Malicious:false
        Preview:PK........U..R................META-INF/..PK........U..R..,@F...N.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3....-.I.M.+I,.."$......x.|KsJ2u.RsR..S..J.JSy.x..PK........S..R................com/..PK........T..R................com/jidesoft/..PK........R..R................com/jidesoft/range/..PK........R..R...........-...com/jidesoft/range/AbstractNumericRange.class..OK.0.....ju..MO:......=..WvO.8S.V.T.cy.<...P......x.<y...y.x}.p.....-.....@.R....h.`^.3.0.d!..E"T...7*S.O..u.-..^..FQZ..L......\x..R+.j..%..Z..v.....xUH..~H..D...+E...4..#.r.x7I&R..![,{RV*.W..d.W.5.....2..7.y..}G..m.S.Qw..@.......E..K.!.r.L.....R...l4q..&o}.PK........R..R.7k....-...(...com/jidesoft/range/CategoryRange$1.class.T[O.A..fw..H.E.F.Eze)....4...$..DMt)kY\v........b.....?.G..R1M.s.|..3...|.....G.#.. .:rCP..N!.Y.:.t.u.3..m'L.1$+....q........Y.......-...x._f.N..g..Z...F*.g..v7.fm..3V...[..G..MM.a0V<.....6....RE.6q.q.....=+ k&].>X.K..g.;v./...YaPxQ0...C.R*%,..N.U.8^SF...........Z...

        C:\Program Files (x86)\PWMinder\app\jnr-11.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):510926
        Entropy (8bit):7.9274020095373485
        Encrypted:false
        SSDEEP:6144:pt7EiKisTet9StvA0imDUuH1saxYc6k81/qMZitrbntDNFBZf2FGRYnzfdVi9GJf:PEiurtvY/ax38HiRBBvUzfLHxELCGzuV
        MD5:CC98F540F89DDFEBE6C62A7ACB9290DD
        SHA1:F31579BDC6535D7BA6004F503AB08DA8D1FC874E
        SHA-256:2108C31568860783F13097449356DA945504B92A62AFCE2198558094B5B9659E
        SHA-512:DA417A9FC03F58224A7521E2C6DB17E4ED945A325662F4ABC7A8D008DBA3C5ECD621C472385B0737B3C5CE68A7C3BFE5AED4F01A69B08FC885DC6484C0D153E1
        Malicious:false
        Preview:PK........e.'S................META-INF/....PK........d.'SO..LX...d.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...,x...R.KRSt.*......-.4....sR......K..5y.x..PK........`.'S................org/PK........`.'S................org/violetlib/PK........`.'S................org/violetlib/geom/PK........`.'S................org/violetlib/jnr/PK........e.'S................org/violetlib/jnr/aqua/PK........`.'S................org/violetlib/jnr/aqua/coreui/PK........`.'S................org/violetlib/jnr/aqua/impl/PK........`.'S................org/violetlib/jnr/aqua/jrs/PK........e.'S................org/violetlib/jnr/impl/PK........`.'S................org/violetlib/jnr/impl/jrs/PK........`.'SV.).....L...1...org/violetlib/geom/ExpandableEllipseOutline.class}R.n.P.=w@.x...T...H)j.4&....I..lf..E...k.-l{...&..M|....}..5.mn..N.9..~......O.$..$t$%R..*..k.U...v......w........s..@..f.FFGV...@..;.....I..h..U.k..g\]..s.:Q.....23Z.U.^.E......P.(...c;'.,p....Hv..C..M..Xe..GL..

        C:\Program Files (x86)\PWMinder\app\log4j-api-2.19.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):317566
        Entropy (8bit):7.908322270636156
        Encrypted:false
        SSDEEP:6144:2PtlX2DwtInh3m2mobY0y9EL4Zmy1DVHoFg2r6bCu1VOWarmXLR9SfaLqsSDNb8c:OlX23fmobp4ZfRighDO+LR9sNxIE5q2
        MD5:A7F8FC9751CDAA237A1E18059B4887DA
        SHA1:EA1B37F38C327596B216542BC636CFDC0B8036FA
        SHA-256:5CCB24AD9F92E768D0BC456D3061A737951262DF803E004D2CAD096B75A88D60
        SHA-512:F7CF3647ED90DE7FDEF377E4321AA9B9EA2512A46D99109B359F7FC5DCFE6D3AE9F879C212707EA4FD16D358D10D21C56D5178EC4803504745DE6FE48C66C3F7
        Malicious:false
        Preview:PK.........R-U..|GH...2.......META-INF/MANIFEST.MF.V.o.0.~G..@y.Z.8.d]BTi..M.j.i..&.....1M....$.$.t{.............e...0.y.C:.q.F..{.|.......k.....1......ynO........vI..g."........9.....0dQ.....Lc...,.p......P....A57..>{Y.q%..1M.D.l. .]..w;.Aw..8.q9.9.!RT.&q.Q .}..k2.i.>....-S..fP+.j.^_..o..M`B#.........s......n...D...k.?"K...S^...O.8...a...k.V%.,R #.j.?.$..%b...%L..Y..x.l.K..EK.!..+U.o..<.#......[....tH..-.. .`...X...n.O.H.q..PB"x...;...Rn.7.'e..s.{.8S.Y........u..X;..Ot::<XJCa..-..=..K..I.5L.b....74BC1bV2".F....l...D..vg.n.dz.:6R...@..y.k.:j..rP.dn<.o.UfD.=KU:...3.........sW5...U......8..^.>....\.Y..m.Z.;.;..p....s.=.%]..$.....LaEz.+.D......2Y.k.~......"2.@.$.7..A^>....e.g."d..1.T".'.|h(qM.L-......l..RLV..+.L.Bp...M......8.:.w..{...f7.7.F....\.U.d.T.2.O.Y.N...Z...}..1C.-.!(.... ..H..k...2..W.c.G:..^o.&.MR....>..fh..9..q.m.......E....i..PK....|GH...2...PK.........R-U................META-INF/PK.........R-U................org/PK.........R-U.......

        C:\Program Files (x86)\PWMinder\app\log4j-core-2.19.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):1864386
        Entropy (8bit):7.890502550882888
        Encrypted:false
        SSDEEP:49152:eCBdQ2xUbmi6TFTeI3EFRSd4r7Tcyb+NQ/QpJXpEfAD:eDuPA8c7YaU
        MD5:B7F521926226A16531F8E212B1DA1FFD
        SHA1:3B6EEB4DE4C49C0FE38A4EE27188FF5FEE44D0BB
        SHA-256:B4A1796FAB7BFC36DF015C1B4052459147997E8D215A7199D71D05F9E747E4F4
        SHA-512:1300ADA6F86818EF4DCD17448A8965C1C6DD41EC414DE2B2A5BAFDF25D03C12100FA9E8F422D7B346F2984E5DFB3D599F8C1A971A6BCACA0CF938943D06364E7
        Malicious:false
        Preview:PK........;R-U..J#&....O......META-INF/MANIFEST.MF.\[o..~70.a..".<.g<..c.hn-....8[..B.8.lI...K.}.!..).*.(..gD~"....."*.-...?hY.....dv.).....1-*.....].9>~xx ....P....L<...~....O..9!.c...|....-....t.3v}..............ez]..?*Z.I.5.....+..Y.x..=._.d.5......&...OO.._.V.....|...uT..a.E............)..:...C.|.......F........(.....]...G.....|.....G.-.l.7.}.Hn...^....K.<:}yx^.e..m....(;.YN.....8!*.&iD`X.D..,...[.!-...D.s[..DE...e.....=.. ..BNOC!....B..4(...q..C.NG*..Dut..I(...DW..H.8.N....."UmZ(.[:T.%M6`...3w.X.....`Y......g..h...I.Fe.0.$...h...p...2.j.?{...y.=.S(...H*A+..8...>E....4...&iU6....T.......IR....q_z.a.N..]...J}1....YCv%.iU.?k....,..O......0......Y..s....b4..p^..8\ N"i..+h...}....ky.:....D.,..4.../RU.*.SnW...uOj....Eo...../U].(.~@.2**.L.....(K...#)J..=.YQ...w....V...jif..YB.B"....>#....W..,...n...F...Y...P..&..n...p...p......A....<...w.;....F.+....K.P.55`..x..2.c...p..5.2.`.&VOEl..8.0.-..k.b...+."..~4./.+..q.......g0.=..P.Y...

        C:\Program Files (x86)\PWMinder\app\miglayout-core-11.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):105405
        Entropy (8bit):7.9685488108378575
        Encrypted:false
        SSDEEP:3072:LpqWnb3aDirStl5SPtrTX7NFnZpAar6jlIiK:LcWnbKDiOAVTZpX2jGiK
        MD5:F0FA213B9170E80B1A5DFD09AF0CAE3F
        SHA1:99ECF243C6A64A038A568DBF8421928DB9B5C3B2
        SHA-256:812B9C8A8F326098A43EB9550229DD31100C49F81680EECDF6649DA423F0BE9F
        SHA-512:092CF82B095E619E96244E3B114F985C6854332C779F14C78AD1AB61CA85C2C2139E29851947492FD71DEAC522E6FA721FC5717B17DD8F9F98E417B1D25CC159
        Malicious:false
        Preview:PK.........K.R................META-INF/MANIFEST.MF....MQ]O.0.}_....`.e.H......0C..^..qkg..{;.......\h<.....C.3.Y.Gk....sF.j!?........J .)P...R...Ew5. ...n..Qx@P...y:.O.|...Q.g..../i........NZ..e...7.l.O(...).[i...d.....|z_g...tb..(43..W..x..+;^..E.=...UTp.....pw..&.u$i*Va.m..-......XO.B~."h5.V..`Z..cq.d.A'....|7h..E-.X....W .X.B.`..`x7.b..q........(..Sf...{..I.4If|..d.Gq..PK..j..R.......PK.........K.R................META-INF/PK.........K.R................net/PK.........K.R................net/miginfocom/PK.........K.R................net/miginfocom/layout/PK.........K.R................META-INF/maven/PK.........K.R................META-INF/maven/com.miglayout/PK.........K.R............,...META-INF/maven/com.miglayout/miglayout-core/PK.........K.R................net/miginfocom/layout/AC.class.XyX\....7..f.`.@..$D..f.X..CB$....+J....x!/.f..`..Z...nim].......I....R..Z.Y.m.._...j.z...a...o...s..;.{.<..#..\....!........E.n..g=...7......y~|...~..._..!~|.._a.[..Un}-..r.6.

        C:\Program Files (x86)\PWMinder\app\miglayout-swing-11.0.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):22899
        Entropy (8bit):7.8902564137646864
        Encrypted:false
        SSDEEP:384:E/Ck4YPzn5h2kGhBMZB5ZyScett1lBkGKb4P/mdHykhrO30sM3:E6YT5X2BMZB5ZRprCboMXhr3f3
        MD5:178B0CF219E824DD7BFFF4F63B838557
        SHA1:EA244BE3C4A16C541413C4FEBDEE539B348C744B
        SHA-256:7AA9DA079E0ED628A3672F8DDD1B6B05A5A3EC27639F82370956748943989BA6
        SHA-512:6C6672C5C2F3F6B6701AC1D6117F0E72966AB88CB7F28468E85F0C9AD8EDB74A6DA311D15F68B9815AC108C3D03CBF19EEF6E80564BD34F74806DDFD035DC4BC
        Malicious:false
        Preview:PK.........K.R................META-INF/MANIFEST.MF....]R.n.0..#..V.U"...&R...t..TaT5.nfe....l.6y...!...>>..d\b..F...*..F.0x..-.h}L...o@2..I..5..P....ZDO.#.P81s.....).%.p..'w..8Nn.W".1e=dOi....>&.......`.....,....qr>e\..4).&.=..".`..@J.m..l..S.9rI..f..b..A.w.e.R..$.._...Q...c.+.........f.._.o.5.xh...3/>..D..b...>'..c....].0Z.g..%W..v..?...k...M..i...=.,...3.....4...gMY2qi/.C...oy.5Z.Qe*........|3>c+....d.i.....V.N....'..8^.E...0...PK..q.d.........PK.........K.R................META-INF/PK.........K.R................net/PK.........K.R................net/miginfocom/PK.........K.R................net/miginfocom/swing/PK.........K.R................META-INF/maven/PK.........K.R................META-INF/maven/com.miglayout/PK.........K.R............-...META-INF/maven/com.miglayout/miglayout-swing/PK.........K.R............&...net/miginfocom/swing/MigLayout$1.class.S[o.A........E...Mi.a...M.@5jj...#......h.G..|6...`.....1.]Q.4.3s.9.w.s......q1..........qB.I.a.=..#.

        C:\Program Files (x86)\PWMinder\app\not-going-to-be-commons-ssl-0.3.20.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=store
        Category:dropped
        Size (bytes):190116
        Entropy (8bit):7.943718157296125
        Encrypted:false
        SSDEEP:3072:MhRE3Ha0oHX70kPlOdCStQwFqepYg5WsZPfCguzUEnLD/DY7kw006/slFNJONkIQ:MUaN70MStQwig59ZPfCNnH87E0zENkxB
        MD5:327A7CCFCBF2D5BD032634B8BDEAA83A
        SHA1:7502C294B7FEA7ABBD171A7DF15FED3BDB1E368C
        SHA-256:0E748E762AAB3FC692BBAC984633668FF28C17CAB0671F0425F85DE81819C34D
        SHA-512:59EB42519C3F7EF2B4CB18242222752254D99676304EDEC8596F03B3C1D534C5D1F70EA4E3B4F400BA027CF9F82D14BFA4B82245CBBB51338D969239F36CC1C1
        Malicious:false
        Preview:PK........|IlN................META-INF/PK........|IlN................META-INF/MANIFEST.MFe..N.0.E......q.".....j...-r.ib..T..1A...s..w..=a&x.m.J4....O.=..T .,9T.9.<D..8D..6...2....__-[yW*....._yq.9g.+p....tW%.5..6.5a.....b./.D+.e....?..^...Y57K.^.J.DSVU5X..4.WA....U(....E8"...g"C.3..PK.....o....&...PK........sIlN................org/PK........sIlN................org/apache/PK........sIlN................org/apache/commons/PK........sIlN................org/apache/commons/ssl/PK........sIlN................org/apache/commons/ssl/util/PK........sIlN................org/apache/commons/ssl/rmi/PK........sIlN................org/apache/commons/httpclient/PK........sIlN............&...org/apache/commons/httpclient/contrib/PK........sIlN............*...org/apache/commons/httpclient/contrib/ssl/PK........sIlN............0...org/apache/commons/ssl/Version$CompileTime.class.W.[[....Hr..@.iik..p....[........9=$'phr........s...z...^....Z......_.G..N....)..wy.....;...w/.."..p.Qp..2.RP

        C:\Program Files (x86)\PWMinder\app\swingx-all-1.6.5-1.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v1.0 to extract, compression method=store
        Category:dropped
        Size (bytes):1495328
        Entropy (8bit):7.908558330691433
        Encrypted:false
        SSDEEP:24576:2RRLsOfh9orWGa34oXRkUPvgZ4Ka4/uEy4+232LV3HGFAeLtixT:IwWkKhXuUHKO4GEybWClHIATV
        MD5:8F978C9184E5864EA90914052A781B1D
        SHA1:1EA704CD8779F8DF8A3D345EE1344239E7774D52
        SHA-256:2A4F82979CD16D8F1C9EEA232A985DFF62BF69C4794A37B96099B20D322907C0
        SHA-512:FF905482EF5041DDCBD3C496D2097A97027A367DABED0B6EAE3984B294360E910CD69BC67B5C300EFF97CE01D1443FAC4FF145AE006992BFFBD209AA1FDFF45F
        Malicious:false
        Preview:PK.........[B................META-INF/PK.........[B.!D8i...........META-INF/MANIFEST.MF...n.0......~.....[.M.d.j..m`,&.H.$.cO?)i...6@....Q.).^..-....6$.(./..d.......9.{..O.I..,.........l.G.iR...u|o..p..A./..[x(.}..&..x@a.:#yC..(.O$v.Y%...?.....S~....I...(.zW...1..s...g8.m.;C..R.M.3..t(....m.r0&M.p..Dpv...!..7.%l..."P\I.A..p\..@...wM..u(...].x..J.....Q.G....o.jo<....M.j.40r...4..s...jg.,...Ps..@...;|!<..c..Lh.X....x]...E|...j...l.C..?ljN.!.ss.]..'-{...2..j.W$..9.".A.*ao.W..t.k.>.....$.C......%B....m........E...F..\-..h.........,.Q}...+&......R.W..(.6t.-.....k.GjcH...&m..iv...;`.T.."X.V.x.....fz..r..:....o/1 ....:.m.F.f...... .'....tm...]#a...... .gl-...A`....+_v....PK.........[B................META-INF/services/PK.........[B................org/PK.........[B................org/jdesktop/PK.........[B................org/jdesktop/beans/PK.........[B................org/jdesktop/swingx/PK.........[B................org/jdesktop/swingx/action/PK.........[

        C:\Program Files (x86)\PWMinder\app\vappearances-3.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):32787
        Entropy (8bit):7.959128165950779
        Encrypted:false
        SSDEEP:768:Qv14S8Jp2GaaS0AXfvsEQ/xvXdC0Pri9onWCIM2:S+SZfUp/RdJri9oti
        MD5:0836FA7BB3668541FA31AF46356CF18F
        SHA1:1D3367522A1C8269489C8CB4E709E7BD75C83F78
        SHA-256:F8E5B21D63C35F70E431A118F446D04EA6524D9C6677E4A0389DC8CB72FD2BB1
        SHA-512:4BF8BF35CB3819794D125DF402AF14EE221D76564B5E0E3B2277A3E19D759A38E17860F3D14AB1614D603C489F83CD5904B563D5AFA2F770FEDFECAFA12B5067
        Malicious:false
        Preview:PK.........s'S................META-INF/....PK.........s'SO..LX...d.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...,x...R.KRSt.*......-.4....sR......K..5y.x..PK.........s'S................org/PK.........s'S................org/violetlib/PK.........s'S................org/violetlib/vappearances/PK.........s'S.#..........$...org/violetlib/vappearances/BUILD.txt3202.5..50.12.2..22...PK.........s'S. z&y...........org/violetlib/vappearances/NativeSupport.class.W.{.W.~'...LHX e.. l67/(.Aj..). ..@.N.C...Ygf...V[.V.xA)m...K.!.M,...EQ....<.......i|..M.I...;g.w..]..~.\.....l..#.@..*..Q.p\...-..k..9n...jv....VP.h..#.....Zh...;.>n:..[.H.............1..f..f.L..vL.2O.i....m..P/~W[..^.C<....7...9...>b.!.U..z.;....z.9j.E;=....v$z...t..(....i.u4...p'....m..urvZ.I.Flb`.!..u].U..Q..P.q.Y...6....&<..(...U.E....C..4.....1......`.....D.....<}.P.6Q&~.....b....?..9J.....]..{j....c.hUp.r.{r..6...!.U....fL..x..Y*..o...l'S.Pl.mk9 V...;"Hb.....Z.w..*R...o....D..;......?.Y.

        C:\Program Files (x86)\PWMinder\app\vaqua-10.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):2235078
        Entropy (8bit):7.947568556167778
        Encrypted:false
        SSDEEP:24576:VUdW7uNSLaHonVZmd6+xtRSBxzlx5hQ68c0brjfr2juwzXImnzqgh7PhSkHELHF4:VqSuNOaIAOxzl1xE/KyIXtDh1HELllIF
        MD5:B8C6865DFF79053CA7F510AD55B921E3
        SHA1:52A66177B7B03C81CF638EBDFA1F91BF5639C1A4
        SHA-256:7B86606C5F4C765B36328530BDD27F9C7996D0D2B76B566328510013CC787312
        SHA-512:949F86E7319F117BFCB70D49A7E4022F21E0CC855C51A8BB1BEBE792A3474351A909BF4480244D69B0B02FE84DBCD79D0A62E8BA22E0A73D85A2B9818A65B708
        Malicious:false
        Preview:PK........t_-S................META-INF/....PK........s_-SO..LX...d.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...,x...R.KRSt.*......-.4....sR......K..5y.x..PK........t_-S................META-INF/maven/PK........t_-S............"...META-INF/maven/com.sun.activation/PK........t_-S............3...META-INF/maven/com.sun.activation/javax.activation/PK........t_-S................com/PK........t_-S................com/sun/PK........t_-S................com/sun/activation/PK........t_-S................com/sun/activation/registries/PK........t_-S................com/sun/activation/viewers/PK........t_-S................javax/PK........t_-S................javax/activation/PK........t_-S................libVAquaRendering.dylib.dSYM/PK........t_-S............&...libVAquaRendering.dylib.dSYM/Contents/PK........t_-S............0...libVAquaRendering.dylib.dSYM/Contents/Resources/PK........t_-S............6...libVAquaRendering.dylib.dSYM/Contents/Resources/DWARF/PK........t_-S.....

        C:\Program Files (x86)\PWMinder\runtime\bin\API-MS-Win-core-xstate-l2-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.672282124280155
        Encrypted:false
        SSDEEP:192:vn41usjf5bWWBhWSWYnO/VWQ4mWeZvmF4EHsqnajKse3pt:vn41usjf5bWWBhWIUbmF4UslGse3z
        MD5:DEFC34FAA61630DB1218170F389788AB
        SHA1:B6445CA0759B5D37D3341B4F760378BB17A09783
        SHA-256:044CC370D38456DE51D85AED25681AE40240DCB5CB2F809B681EF6FD1866B90B
        SHA-512:96C5B679FB39110094C759C6984D977F586592C918DF1BB2915936C19BC2912EA3048D0EF8F41F4C380FAFE7BC18A4F936538FFB2178E97756E9EA12F0391DDE
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Joe Sandbox View:
        • Filename: PV4Br3B2Al.exe, Detection: malicious, Browse
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...@.T`...........!......................... ...............................@......~.....@.........................`................0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.612978494471077
        Encrypted:false
        SSDEEP:192:IlxoWBhWbWYnO/VWQ4mWdYgV5goqnajKs0Vc5:Il2WBhW7UY3V5nlGs0VW
        MD5:13FE5561EB3DB2CED126B79B79790799
        SHA1:384D673742AA451827F208DC05BECDF9958ACA85
        SHA-256:6BE5B5755C8C864096279FF311E3B0A77865E0AA7C6FFC6E6CE2622C789E43B1
        SHA-512:C388A50CE16C0798F43988FEB06B65B7D29B489CBA0A830CED1ACAEDB540B2D921F8D0416ACC6ADB7E3565EEED1D27062942ABC78873264A1A05E5DE495B294F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Joe Sandbox View:
        • Filename: PV4Br3B2Al.exe, Detection: malicious, Browse
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....Z*............!......................... ...............................@......m.....@.........................`...+............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-console-l1-2-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.6629297212483465
        Encrypted:false
        SSDEEP:192:PBuh8YWBhW3o2WYnO/VWQ4mW8OT2wNLrMhEqnajKsZ9WGjg:PBcWBhW3ocUCTVNjlGsZy
        MD5:CE582E3A15CB6776599A8AAE328831AD
        SHA1:71989C59B61A97C365AAD70DB69BBF6BDEE99552
        SHA-256:986A6C94776691DCC162D0AD49788C85E39BA255406CDDB42826FD98F12B4ECB
        SHA-512:6C27EF58B2DACB808FD818E69C058E6D1E3BF9C006D0887D3F0F2FE489852EACB49C25DA85444D84378FF4675AAE3859511C3460C1317CE6637E0C4B8AFC03C6
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Joe Sandbox View:
        • Filename: PV4Br3B2Al.exe, Detection: malicious, Browse
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....+.............!......................... ...............................@...........@.........................`................0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.621407370112907
        Encrypted:false
        SSDEEP:192:7+WBhWWnWYnO/VWQ4mW4hUj0j21EhqnajKs0qMl:7+WBhW0UmgqslGs0fl
        MD5:75D6DB7F779C887EE80962C18A411500
        SHA1:B76F21B4F8BC6D6F99F659CAF3A45E1C62E83B51
        SHA-256:51EAAAB1E5955DEDB71E27E77F8BAE0F960969487D115C53F38955ED7F34935F
        SHA-512:B9D902BB590DB08AD0D53410DEEA583EA77E74655CEB53A67DD0E74C0B358159C3E53CC0BDFB4838089BF5F8953499A45545E1F885134924D71B83026201E63D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...I..4...........!......................... ...............................@......p>....@.........................`................0...................!..............T............................................................................text...p........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-debug-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.624124218922203
        Encrypted:false
        SSDEEP:192:wWBhWEWYnO/VWQ4mWdqq20j21EhqnajKs0qF4S:wWBhWyUZp0qslGs0aV
        MD5:FE7E3A0FE5CD4D960B208DB3F19F1945
        SHA1:13B5186FC3147DC9CC42648A265BD782E7BB6300
        SHA-256:6CE67FA67155EC601F42FEACD7FAF91A7DD9BD81070A5BCCF0BD12B4D8563B83
        SHA-512:D431D5E1982F02936234C7794FAF35530674305B3B8585AA0A3DECC4F0C598F19AD8597B018344D4E31BF9CC9F600771556EE388FF9037B6851F05BA2DDB91F1
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...IGc............!......................... ...............................@......*.....@.........................`................0...................!..............T............................................................................text...{........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.681604139827226
        Encrypted:false
        SSDEEP:192:jm1mxD3zWBhWWBWYnO/VWQ4mWAoi6dej21EhqnajKs0q9Cc:C1QWBhW4UsiweqslGs0oH
        MD5:91E6C1406BD499FF4B941D133D1898AF
        SHA1:4C9D0DAE41E235CD85C5665E42DBE92BE4FF9AB6
        SHA-256:BCCAD347EFCCC5E791929E30DC3ABAFAAB636CDCF23A7B68F3DEED016DD32083
        SHA-512:0E073DA892632DD1723FACF47A278422864E8E3CE4371A34AB2637999EA284E533ABF6B7BB321C6538BAD5B30C650ECBC56C48ADEA4C7BD2A030A182CD5B54B0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....#.............!......................... ...............................@......w{....@.........................`................0...................!..............T............................................................................text...&........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-fibers-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11744
        Entropy (8bit):6.6108542065001465
        Encrypted:false
        SSDEEP:192:dFhWBhWPWYnO/VWQ4SWdCbgIsmsqnajMtzGU:NWBhW/UhJs9lQtqU
        MD5:2ABB9BC8F00A5AD6EF2D6E4BE2B14ECF
        SHA1:51F1B7673FB63681809F8F69868A17076FF08C52
        SHA-256:D151BECE745A4749C3C117DB0DFB61CCB2E2742C72D9B0F1DB49E70EE0239DD3
        SHA-512:BF4D40E869EA83E9664F9AE96F72606AD94DA6C2A03CA59DC11D03EF1A661A4BE110098A1A3BA6AA1B61191F67BA3600E6BE93AEB41A38194A198FB18BFBB429
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...Z..y...........!......................... ...............................@............@.........................`................0...................!..............T............................................................................text...H........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):15312
        Entropy (8bit):6.575543244668128
        Encrypted:false
        SSDEEP:192:7SYPvVX8rFTsJWBhWDWYnO/VWQ4mWjx4iQj21EhqnajKs0qxm4:xPvVXbWBhWDUuQqslGs0H4
        MD5:070EFDCECB04C8CC7E1A8DED9A220940
        SHA1:5DF40DB56A5A60FB24E15D65A50780AE70200496
        SHA-256:A4C20AFE0F39CC27BBD55F98F94057CA8FD2BA72B920FE0F70F0742B26559D76
        SHA-512:34D5CDD4124BA0816D05282AF71A0AD6D082F8FCBE30A93707F167EB1B2E874147E85039DE3F387C7AAA1803140EC0AC338222850D9FEAA49DE131385358C0BA
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.....6p...........!.........................0...............................P............@.........................`................@...................!..............T............................................................................text...g........................... ..`.data...@....0......................@....rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l1-2-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.649775485818372
        Encrypted:false
        SSDEEP:192:oWBhWcWYnO/VWQ4mWrjIsLrMhEqnajKsZ9LyNb:oWBhWKUUdjlGsZQd
        MD5:6E4AF6C8B50295CE9D2C7C89F6827334
        SHA1:86154197AE4765B638F884B47527C800C37D9CB8
        SHA-256:BE76CE72975A4E917325DB17410E50EC006BCD95432197370E601DC00E81444A
        SHA-512:C379D132A42B80DCB06C17A814E78BE1795AB8D07B15615AC268DB8FF5885E4BC7C46D1290CE23D162AC31A7801BD547CEACAB5048A57248C970CF78BF8C73F7
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....43............!......................... ...............................@............@.........................`...L............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-file-l2-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.749541592055871
        Encrypted:false
        SSDEEP:192:2WBhWCEWYnO/VWQ4mWA8WgoqnajKs0V9x:2WBhWlU0WnlGs0VX
        MD5:47B4DF281BE629B8823AE65946C51479
        SHA1:B2D0E2762FFBF1668AD059DDC3BC3404D9130465
        SHA-256:B2BFA9DE580940824B81A96067D5715A14638F93F18EBDC9182A1DEEC3443CE8
        SHA-512:91CAE8D061B99545489F5F99613FA297223EBB1C478E791F5B276DFB18101CE4F24982B5A6A01956DB19BC6B1C93E19FC862D55BE3F6245944C54347E9E0D744
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...+v(............!......................... ...............................@......QE....@.........................`................0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-handle-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.653663560483679
        Encrypted:false
        SSDEEP:192:T/WBhWQWYnO/VWQ4mWHNcoSLrMhEqnajKsZ9ozfO:DWBhW+URBjlGsZIm
        MD5:3C8648161E4FBF415E888626EB927957
        SHA1:485BDA61BCEB014B3E7818E98C4642A87CF1BAE3
        SHA-256:E02506F98B4561BB3F6C07C6D9927649AD2FA7BFCB3174A5BEA29861739B6C55
        SHA-512:2A05FF6B12D9E9B0FBB5FE831A42917C930CCA2AA268BC1D7A27E05D2022F9584AD6D5D52A78DC805AA2198BE85F3442A2AE6B74F5AFE1C55493A43924C8A8F1
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.................!......................... ...............................@......D.....@.........................`..._............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-heap-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.597715516660009
        Encrypted:false
        SSDEEP:192:eMl2WBhWEWYnO/VWQ4mWFgRgoqnajKs0VZw:eMl2WBhWyUFnlGs0VZw
        MD5:5EC595F2EBECD32B35AD2DFB2822EC73
        SHA1:03766443ED42646761B5B194C402B8123C22D876
        SHA-256:D5F66804C31B26E79619601B87D313B55B7F7B94870622BB04F7C0AADA8678AE
        SHA-512:A2B32B8271B3F78C4945342FAAF6A59B528317C67F7360D6D81E1EB09961F690EFE5906639F4AEEAE735327796B6C84D2AC154614A4EA3F019241F047A659D04
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...3..U...........!......................... ...............................@.......p....@.........................`................0...................!..............T............................................................................text...h........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.6473154908472525
        Encrypted:false
        SSDEEP:192:GV/YsFEWBhWnWYnO/VWQ4mWWbUjELrMhEqnajKsZ9D1T:GpYsFEWBhWXUeEjlGsZv
        MD5:0BDC5D21A0F3A13FFA5C88A939C8C94C
        SHA1:54A9BBBAF4062B7DABEE866CDD3AE49DB8BA0255
        SHA-256:B7BAAD7A6A3CF241CC00AFA0D126E68C1B0E42CC563335F74372C323CFEFD4A7
        SHA-512:5DED56185CEC4E912FAE9DE1CEED14F5CFE783F097BF79DD23C0040DAC24B3B1B98A50F8E17065A5014528474DFAF141DCD26DF45F366AB5C2E580CC158F391C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L..................!......................... ...............................@......}B....@.........................`...Y............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12752
        Entropy (8bit):6.608486508464964
        Encrypted:false
        SSDEEP:192:xxvuBL3BBLsWBhWcWYnO/VWQ4mWLqP0h64EHsqnajKse3p0jGl:vvuBL3BGWBhWKU864UslGse36Gl
        MD5:05C848C3D74ABCF7443A05780EA3AB92
        SHA1:102038B6E371D38E4CFED0DB8AB8B6FDACE3F0BE
        SHA-256:96849368DD248502827EF59EAB2E7F070C7A2D245261F4124C2B8AB10870FA4B
        SHA-512:40CDF8BD38DA83D237DC669621DF4BB9B90F09B6789352B10135FB14D41519CE84B9311493EB94D7E57C54CD632EED8599316EC2673048B589C08628F89D03EA
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.................!......................... ...............................@............@.........................`................0...................!..............T............................................................................text...n........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-localization-l1-2-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):14800
        Entropy (8bit):6.540043552122422
        Encrypted:false
        SSDEEP:384:YOMw3zdp3bwjGzue9/0jCRrndbBWBhWPUcqslGs0AkS:YOMwBprwjGzue9/0jCRrndbU0Quj
        MD5:1F41511531BBF040F80DCEBE78155894
        SHA1:22B2DCA8C6F4BC1AC7E6C47E23B895DFC185B9D6
        SHA-256:D4A2127300B6AF2E0DABE99BA7D72E6C852800666BD0E8C157553EBD43BB9BDA
        SHA-512:29D8EDBA45EAD782D6438684257209CEAC79EC270124F9A4084EBE86468D304E9D7F690BE5C398D0A1D937537F78B9B43A77379A1FC6E516DF9627775C9DC100
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L......g...........!......................... ...............................@............@.........................`................0...................!..............T............................................................................text...'........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-memory-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.648621018514993
        Encrypted:false
        SSDEEP:192:dYxNWBhWMWYnO/VWQ4mW26Ug4EHsqnajKse3p928:dWNWBhW6UB04UslGse3W8
        MD5:8B0AD9B09637E82720831A1D569068A0
        SHA1:ACAE75F37ACB33DF2A72DCA33DEEC3CA5A0A4914
        SHA-256:F2965D9123AEF9C8BD49200C1F07E8E9E0B829134E5B83AF6EED92CC83B8AE35
        SHA-512:34C0F24289E62209FCB093CA5A13955F2EC7BAAB7D7E94D2D06B3B40571742AFA26E54A915AD598699283423C7313329F0417C70B00F3ABA76A4991E2CA91652
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L..................!......................... ...............................@......!.....@.........................`...l............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.743980690618845
        Encrypted:false
        SSDEEP:192:uWBhW9WYnO/VWQ4mWkb4EHsqnajKse3pkXZPo:uWBhWNUj4UslGse3SXho
        MD5:80B207D4C097E89089DB871218FF1E61
        SHA1:0D8E9F07452520C52D931B6C7C6926C44DF292DA
        SHA-256:90645C3729039D54191FA7E17E520A38B2EE7110AE541385D8F3231DB57D5855
        SHA-512:8DC849B523656368FEEF1BEE2E83A53BB4D7DA5417736490B1DE7E6AA63BC3AF49345941E9D9C93EDF92087C75CF6709E493C3A38D3CA879A5D11B00C4E8AD1A
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...rw............!......................... ...............................@.......8....@.........................`................0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12752
        Entropy (8bit):6.6256208208513945
        Encrypted:false
        SSDEEP:192:F/WBhW6WYnO/VWQ4mWoyLrMhEqnajKsZ9nc:F/WBhWQUOjlGsZC
        MD5:4CE2581038D217453CDCD11F082F9A52
        SHA1:1F47B61805881C9B3BCE0D954ECA9A6AF34F83BC
        SHA-256:CF49C84BF62726928F5F75C4D08E2BFF74B5DBE710C8E914EA26104BCBED2302
        SHA-512:C999489C6618AD50E2256E9DB6366068B8B613FA518213D9CD48356DBA2C133688C5ED489133364993D5E6361DB1F94A9FA75BA034599F38A45C439584DC3F3E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...\..D...........!......................... ...............................@......*a....@.........................p...G............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):14288
        Entropy (8bit):6.534222066734385
        Encrypted:false
        SSDEEP:192:+/8uk1JzX9cKSIdWBhWuWYnO/VWQ4mWdh3lSgoqnajKs0ViJ:A8uk1JzNcKSIdWBhWUU4EnlGs0ViJ
        MD5:CE3240C6D2768D60B70FFA3D3844B172
        SHA1:DADD22D79FAE4AAFB23BD8131C0DF4899AA5976E
        SHA-256:FAED7625C78B6E040AE62B9D37824286724CF6776A2B9BBD728E21F5FFA97852
        SHA-512:0B8FAF0F51A3C79A906C9A084A49B1B5E30872065BD9D523D91DE20B6A6D65BE136B6CC970E8F547B80C3AD8C5A241697B6D1A92BC31A85EAEC2A85A45C3AE46
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....0.M...........!......................... ...............................@.......^....@.........................`................0...................!..............T............................................................................text...C........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.678158514324658
        Encrypted:false
        SSDEEP:192:ZkAnDfIe1WBhW0WYnO/VWQ4mW6mzLrMhEqnajKsZ9Eeu:ZkAnDfIe1WBhWiU8zjlGsZvu
        MD5:CD7430FFCF4DCB98DF8D78DDCFF1006D
        SHA1:D68E704166581AE79F8E8EB3CF08DBAA29701D86
        SHA-256:2F9747A23A0A8BD1C6E70B3BC015DC45F8A9A8EEAAD96CA2302BD3E0C33FE63C
        SHA-512:A77F78EF0D75D2DC5B5C1106AED4DE8CFDCAE2559A5AE50B73C098892B7DBE7F99E8AE3A25476A02EAE393BDDF37B376A60845903BFF978DF3C78DD7D5671512
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....+&5...........!......................... ...............................@.......I....@.........................`................0...................!..............T............................................................................text...:........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-profile-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.610965869568621
        Encrypted:false
        SSDEEP:192:CyWBhWIWYnO/VWQ4mWZNcXFrLrMhEqnajKsZ9V2M:CyWBhW2Uic1jlGsZbH
        MD5:700D4B768074DB0C0C3BB6DB65F32B22
        SHA1:6B6014BD328D1F0543BEF7BF0EAA811BD4968BB8
        SHA-256:C0AA88C945072BABC04E549B9085EFE483F2EB2F60C66502FA68D956E45334C4
        SHA-512:BE47014E32F505742C011DBA215D5969927E008DF41A9107AEE3EECBD617EB7DBB03F453D0071C4FD2DDEDE0B33A90EC6DC1CFB4135D31DE8ECEA1060DB43632
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...p.............!......................... ...............................@......i.....@.........................`................0...................!..............T............................................................................text...5........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-rtlsupport-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11744
        Entropy (8bit):6.606845307408541
        Encrypted:false
        SSDEEP:192:BGhWBhWKQWYnO/VWQ4SWUeJqqnajN6z1Yf3:BGhWBhWK+Unlp6z1w3
        MD5:8CB7321D590EEF0CC48D643D1B9D7C9B
        SHA1:ADD669DDCAF9A23BBF524732C091F71E7E5BFE91
        SHA-256:5BA725F1BC75C40D0A5A0A607F843E5C4E86292DC01CE1BEFB86EF46421DBCAD
        SHA-512:BB74B6B26C4E9DA288B8B2E1E0CF4AF47CF41D452EDB33F0D3BF4D653CB3C199A924B4444122045992EC6EBB87308BAFB0EB138260041A9C2AF464BC7B57D46C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L..................!......................... ...............................@......tR....@.........................`................0...................!..............T............................................................................text...H........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-string-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.703890024796369
        Encrypted:false
        SSDEEP:192:a4yMv1WBhWOWYnO/VWQ4mWEiggoqnajKs0VV:/yMv1WBhW0UKgnlGs0VV
        MD5:015AE28F41E02E57703882CFC3521765
        SHA1:75FDD3A2AFD413A14B9C47209EE15647EE3F456A
        SHA-256:5739D3AABBB19D8985C07284EC7E7F8E9591FCA8D6BEAB4D16B7FF22CA192CB7
        SHA-512:DBF7B977C5E0C82417756B03D160D055A5E517F3E361ECE88C737DF3C04569BF7B40CF1ECC87365613737A3ECC850FD46FB706CDFBC37D005662B9CCC9C6DA9D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...9.............!......................... ...............................@....... ....@.........................`................0...................!..............T............................................................................text...R........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):13776
        Entropy (8bit):6.598439617023524
        Encrypted:false
        SSDEEP:384:pdAdv3V0dfpkXc0vVa7WBhWTUWqslGs03F:pdAdv3VqpkXc0vVaywG/
        MD5:2D219A18F1FE5C5BCAB889BF74817456
        SHA1:97AC747DB3E7BC3ECB2F359894EE0E9C5E4F09B8
        SHA-256:AE59BA27E040D2A3651581B2CA3948006B2E70DCDD7DF82243679C38D4980D7A
        SHA-512:346D9E101E931C0AF54074C702A29151149B049F2458E3392517D93090DAD1875B1850907516CDDB933044B4C8A66936173F2034788C28A7CD0FEAFEE05EA2C9
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.....A............!......................... ...............................@......J.....@.........................`...V............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-synch-l1-2-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.723942882700585
        Encrypted:false
        SSDEEP:192:vc5tZ3UWBhW6WYnO/VWQ4mWK3ygoqnajKs0VHb1/a9:vItZ3UWBhWQU5ynlGs0VHb1/I
        MD5:880908BF98C7D3A67998470B3770AF19
        SHA1:E02759642BC39F588C51AEDFE1058F727B95EA53
        SHA-256:82B50A82E16B54233B95EC63A8EC99D86844ED115796F60C4B00494C1E15BA26
        SHA-512:7C4047D0F1708312AA9E9CB3F2466746E1F571E4A93AC90C6BCA58004951B64E974A6248756ABC4A55AFFB99511C6FF9DA087F9EF8E2B921FC6AF9BB581BAC4D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L..................!......................... ...............................@......o.....@.........................`...v............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-sysinfo-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12752
        Entropy (8bit):6.621070064200597
        Encrypted:false
        SSDEEP:192:8oWKIMFIWBhWhWYnO/VWQ4mW17VgoqnajKs0Vnkmli:8JtWBhWhUmVnlGs0Vnk9
        MD5:B15827E6DA414B0EAF28983A032CDE60
        SHA1:429647AEC3681BA91FE2944490C212C05CEF5F51
        SHA-256:AD14B0E3EB3CE3CFDBA79A68A8064EDB62A11FBE354833345C4AE6126E743907
        SHA-512:418813A8C845777E2116871ED1C9039B69BB34938D9E9E85752539E9DF6CCE9B3B21463CDA77D8BCB2AE88625410B2B4D20E1D7EE40624CBA7F0DC057D01D2EB
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....e7<...........!......................... ...............................@......W.....@.........................`...E............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.711717221941304
        Encrypted:false
        SSDEEP:192:wyqLWBhWeWYnO/VWQ4mWjxQeyW4EHsqnajKse3pAQ:wyqLWBhWEUDW4UslGse3D
        MD5:4C55353E8F13BBF2DEA1F11CE7D34B79
        SHA1:6EA85FDA4231ED7DC537D0C0DFB36F25CB00A190
        SHA-256:3EF9C1B03931B54E98D6426822A634378A64754CB8FB509DF20B8C8072DD8F83
        SHA-512:ED0EF686668A80207AE644F8396D873457FF23D5D6E24B6E1FF87B4BE632A65224AF987A411B9FB3F9FDB197C456B71C6590AC8C2FDC823787F76798D1A7ADDE
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...u..............!......................... ...............................@...........@.........................`...E............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-core-util-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11728
        Entropy (8bit):6.640499789236732
        Encrypted:false
        SSDEEP:192:zWBhWiWYnO/VWQ4mWQR4LrMhEqnajKsZ9Alw:zWBhWYUajlGsZN
        MD5:4E8F314A1FC6A6EF9CAC0B9A0C4A67FC
        SHA1:700A6771D874A96B0B4C287ECE399C98A012B6F1
        SHA-256:BBAA4FD9157D92DBE443CB6C9BD51D2E88D1497DC852ADD6B5D06E462FC599C5
        SHA-512:53DFFD2354D438420587E1C53267739343E04A7D8D6A29F02867F3571A5064DF04B9B082D8835D9C174BAC85D01B7B3A699542BE41C70503BB7641028287DD8C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....v.............!......................... ...............................@......(I....@.........................`...9............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12752
        Entropy (8bit):6.646138241902779
        Encrypted:false
        SSDEEP:192:FnYm2WBhWCWYnO/VWQ4mWt4goqnajKs0VIl:6WBhW4UznlGs0VY
        MD5:5BABFCDBE7E6A051CBB46E92D2B1D374
        SHA1:9DFEC59A4DAC8F2B428B0E5F680983182C75F9EC
        SHA-256:A57A01F9466F3152B17F03A1E66D7D394AEB0EDBE8F9CD8CC49B4334994B831D
        SHA-512:F1EF6E61C6639FD116F4D512AAEEE4F3F0A8B33453B0AE33B735949FE7BE047B3DDD8EB1483A328E5936D977A137E510815E7EFB376767C7505F3D2AA3AE0729
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...U..r...........!......................... ...............................@............@.........................`................0...................!..............T............................................................................text...P........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):15840
        Entropy (8bit):6.454026885121232
        Encrypted:false
        SSDEEP:192:rT7cyZWBhWDWYnO/VWQ4SWS3+RJMvN/qnajxg8fS:rTgyZWBhWDUU6/lNvq
        MD5:E28F70E327F9B4926D6484DC1A159C94
        SHA1:FDA05D5E0562083801966B3F962D265A6A8855E2
        SHA-256:DABCCCC0F209E83D80024CD063D4E16D2CA2478B483E33DB7CFF40976C3C993C
        SHA-512:89B3B1F65137BF2400C784B934FCD0349BA00675902B2FE48971246E6E1C99423A3B5ADADA797753A7A6F35F50AD980A8404D5A18CFC3606B5CC52B278FB13A0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L..................!.........................0...............................P......,.....@.........................p................@...................!..............T............................................................................text...^........................... ..`.data...@....0......................@....rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.618891411839505
        Encrypted:false
        SSDEEP:192:1odpWBhWlWYnO/VWQ4mWRoh14EHsqnajKse3pV/R:16pWBhWVUxh14UslGse31
        MD5:06B191B4F4A1F1FB86BD826AC5F48C2C
        SHA1:B7B454CA07B984FB74C756E60BC4EAE0BC6991A6
        SHA-256:6666E2FAE294C82EAE55B33B6C4A61463DCA84C4B411E03326A71FDE333B519D
        SHA-512:638856717A5DB0E5BACEBA54CF596718C661420C4985DD279A78D42095CADD64527DD2214F0D4E35DE7AB4D531444FEE2CAF5F5941D32C28878FEE2C3B67CB8F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.....\............!......................... ...............................@............@.........................p..."............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-filesystem-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):14288
        Entropy (8bit):6.515762527300964
        Encrypted:false
        SSDEEP:192:bnWlC0i5ChWBhWnnWYnO/VWQ4mW68BAUOgoqnajKs0V3:bnWm5ChWBhWnXUDpnlGs0V3
        MD5:499F30D39C72E8620A30BC4E0C7985EC
        SHA1:D57FE510B27C16FBC11BB2042333894ACB5914E2
        SHA-256:A4EE1A6246A4C0612F12901298323612AD4C738429D14075942329CB5AC807DD
        SHA-512:8DB7E3B17474A1462A99E19BB35690B966424EEDD632455AC00DAFA9CC46569BD6E081C36DA52B9C78237A85493C7ABF217D6C3A69098C73BD8C18633B4A760C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.....f............!......................... ...............................@.......-....@.........................p................0...................!..............T............................................................................text... ........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12752
        Entropy (8bit):6.59337335302922
        Encrypted:false
        SSDEEP:192:reY17aFBR8WBhWjWYnO/VWQ4mW3pUnLrMhEqnajKsZ9bx:rzZWBhWjUKUnjlGsZT
        MD5:A77F681BE0EFA335EAFC0C5175CCEDAD
        SHA1:511D3078D142C672FEBF012BED412660F88299A3
        SHA-256:434C2CE6CF4E61BB4273C7EFB39565445383CF77A8BEE79C41FFEB5315B6F285
        SHA-512:12C440B9AC908E934BC419A520E2BC8697E42CCC438B46AAC34CE98AEFE816FA18D1F3073C01D59B65FE21AFC65435B27B6D3398BF5361B68DC30630FA4C6C07
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.....-)...........!......................... ...............................@......d.....@.........................`................0...................!..............T............................................................................text...v........................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-locale-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.717763097244974
        Encrypted:false
        SSDEEP:192:YxZJ2WBhWQWYnO/VWQ4mWZG71LrMhEqnajKsZ9Ron:YxZMWBhW+UNjlGsZe
        MD5:0B688C4FCE6D07018D443C1B3BFFB3D0
        SHA1:0F2CF0F20FE7CFAF7F8F27E7AD7D5E1871316756
        SHA-256:FB22B002939BB699BFA1F25B3B4C96E71CB5A737183ABC79A03A22C6D517A1A5
        SHA-512:1F555158A1D98624EF32293B3078F4CC20B1107157E2B48E36D324837151961085275FDD581081FE1E0D62EDCF02197C57FDAE972EA20378BD3E4F84B99BFD3B
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L.................!......................... ...............................@............@.........................p...e............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-math-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):22480
        Entropy (8bit):6.202005954734633
        Encrypted:false
        SSDEEP:384:fQF2KmbM4Oe5grykfIgTmLuWBhW3UnjlGsZN:ftMq5grxfInR09I
        MD5:547E74027B6DB8C65BBEE2707335CDC4
        SHA1:C7CE2446BF4DC38D72EF115BA67086C4F121C7E8
        SHA-256:35E617878BF8B927DF3387C5BDAA4BA94309C7AFB0F901C6A53326C3CC97FB15
        SHA-512:6BD92F9C3DD20B75FC18DE1A88C82FAC4D49B81B652A7DAE109AB64DF5F109E9BBF9842C2BED2148D24368B2F9BE82FB86A824032C073CE37C61C657EDE74BD9
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...h>.............!.........................@...............................`............@.........................`....+...........P...............6...!..............T............................................................................text...7-.......................... ..`.data...@....@......................@....rsrc........P.......2..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-multibyte-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):19920
        Entropy (8bit):6.204292997926146
        Encrypted:false
        SSDEEP:384:/7aLPmIHJI6/CpG3t2G3t4odXLtWBhW+Upz4UslGse3PG:jwPmIHJI6OhUS
        MD5:5A82F00442E6C0558687E4C8FFE8D00C
        SHA1:98794532EDD7627D8D4EDDD064D314C2681F8E78
        SHA-256:559286B7F6B575E7AD881824364D5F1790669917C55EB6AA073DB0B9068AEF78
        SHA-512:6CEDAE2F524AE6CFD16896653957431E8D4647050EC405977CD957E8B8E2CB120E525CC16BAF7382DF7E5048DBB574EE509481E7F11477462B5AB0AFAC89349F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...r"A............!.....$...................@...............................`......#.....@.........................p.... ...........P...............,...!..............T............................................................................text...d".......$.................. ..`.data...@....@......................@....rsrc........P.......(..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-private-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):66512
        Entropy (8bit):5.530731860428242
        Encrypted:false
        SSDEEP:1536:V8tbDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPgynT:qtDe5c4bFE2Jy2cvxXWpD9d3334BkZnA
        MD5:A407FC4E6705A7FFA7CDD8264266FBE4
        SHA1:7DAD59D1A1A626A483E1EAFB839E9859CA99C6F5
        SHA-256:BE86CF37B09C08EC4EB3CF7E8403C7BB86EE80441323906D0DDACC884F3C79E4
        SHA-512:E8BE910F4BDAF997838F783668457A207D990E40D62C145E7387049B1F81D21299A10B91E141307630A792D0CA226F8235D311263DBBA8493829B82E547F6932
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L....m.............!.................................................................\....@.........................p....................................!..............T............................................................................text............................... ..`.data...@...........................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-process-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12752
        Entropy (8bit):6.618753441548937
        Encrypted:false
        SSDEEP:192:4kW9wF5uSqjd75WBhWUWYnO/VWQ4mWGxVyILrMhEqnajKsZ9h16boE:4rcuSYWBhWCU5jlGsZPcP
        MD5:80A4CBB957D7222EE43917B149E93C53
        SHA1:01603F8F1642D624BBA3BD45C5D73D9D10001BE4
        SHA-256:C24FDFD9BA4701BFFB2AD840FFE315CD807BEEA6748B97835E0675C35DD13F47
        SHA-512:9C981D3EF9FC22D4C459A0139621D6DACC43A6C343462FE71A0BF885C3258184A6C4F4AB11B8E1429C11319FC0401BA6EB64E50B4629DA94D177165BC44639E1
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...*4.............!......................... ...............................@...........@.........................p...x............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):16848
        Entropy (8bit):6.37698990107166
        Encrypted:false
        SSDEEP:192:O9DMjOOfhrpIhhf4AN5/jifWBhWGWYnO/VWQ4mWHQx4EHsqnajKse3pJV:O9ojOShrKkWBhWsUL4UslGse3Z
        MD5:898F86B6B29142428E92956F9043FCB5
        SHA1:89970BCA1287CD9A28AF90B1C7E61CFAD6F8D716
        SHA-256:7D6F4E5C3AC9DC87FC962F515A0173D75718DA6B6FFCFF4F9255C109E7FE7A18
        SHA-512:A5444063C70A790EE9A339EF45644704CE75824D007F90CFA570C7C3E8DEB0DD7852A9F7B97CF0AA82AAE05D6FC0CDAF618DF9BB7BDADF39B6DC609A40F2C363
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...z).............!.........................0...............................P...........@.........................p................@............... ...!..............T............................................................................text...5........................... ..`.data...@....0......................@....rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-stdio-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):17872
        Entropy (8bit):6.410004360781716
        Encrypted:false
        SSDEEP:192:/y4x+m9uWYFxEpahfWBhWzWYnO/VWQ4mWLw+LvtugoqnajKs0VvY:xx+tFVhfWBhWzUuv0nlGs0VA
        MD5:4D46C692A087DAD81BEEC8211F67F4A3
        SHA1:DEA942FF2135EE50FC45861D7D6F9CBD8817316B
        SHA-256:DD4A1885415CF5C37471B18FBD9211E0B4887D0456A3320D0213FDDC4209E66D
        SHA-512:D48FECDC6179C193349934F3D14A1C5196F832364F89EDEADC55329CA6E4899D49659B87EF6C06ED741012F96F10FD5C8B04497411E95880728FDCB79DC61558
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...*..............!.........................0...............................P............@.........................`...a............@...............$...!..............T............................................................................text............................... ..`.data...@....0......................@....rsrc........@....... ..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-string-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):18392
        Entropy (8bit):6.292455454608518
        Encrypted:false
        SSDEEP:384:7KgSx0C5yguNvZ5VQgx3SbwA7yMVIkFGl7WBhWSUesln8ppy:Gx5yguNvZ5VQgx3SbwA71IkF19dvy
        MD5:C3F7F531A0F4A3BC4DEF8191803336D3
        SHA1:68DCC28EE07004823C1ADDD65C478ADA06A8708E
        SHA-256:DCF381E5995FA69E3902A3F49464EC5A35F9E78A55444B24F49717512FD37372
        SHA-512:7784AAD3546620D9EB802C65D50DFAB4AA32F15D32B8D71F16D92E5446394F9B521527668E547C3EFDDB959DDEDEB623A880975CB0751FE1B58BEF94689B71FD
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L......b...........!.........................0...............................P......@.....@.........................p................@...............&...!..............T............................................................................text...O........................... ..`.data...@....0......................@....rsrc........@......."..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-time-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):14304
        Entropy (8bit):6.557683602083814
        Encrypted:false
        SSDEEP:192:IugzjVDuWBhWlyWYnO/VWQ4eWuya4jqqnajN6z1zX:IuA8WBhWloU00lp6z1z
        MD5:AE8E8A8CCDDD31C6E93C23D66CC2C7CE
        SHA1:E49D67BF5B5E5A1B5F2564603AF59523305AD3C1
        SHA-256:66E10B3EAFB86BD0B31C3AA494DE64F01B9908B90022D1C6577FD639C337CDD0
        SHA-512:F85D2ADD7EAEFB2D49D0E776720DB659587DC884D943339DE8F95354C965F86D36D06A3DE81EF5673EB18BF0E84F660B76EB19BF4EEA73BDD51A497C2ABA85E6
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L......D...........!......................... ...............................@......VK....@.........................`................0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\api-ms-win-crt-utility-l1-1-0.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):12240
        Entropy (8bit):6.694309765478122
        Encrypted:false
        SSDEEP:192:cCnfHQduLWBhWpWYnO/VWQ4WW6SbgoqnajKs0V6f3:cgfFWBhWpUAbnlGs0VI
        MD5:23555460EB85D497549C959179118690
        SHA1:704E67C82FCD099E36958429EA65C24DBB4728AA
        SHA-256:C4073E7FEFDBD189C61F63A6C8AFD169F35E2272B035ED49B6517419CC7114D9
        SHA-512:8151BBDF18A420B5B5E7CBD4F3C3D66100469088986FC4FFA893F1DE2E850FEF1FD1E2F674057130336C3FB4E0215008CF6FFEE4164BC1DC5E87BEF6B79E73C8
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~v..~v..~v.5.~..~v.5.v..~v.5.r..~v.5....~v.5.t..~v.Rich.~v.................PE..L...f.>L...........!......................... ...............................@............@.........................p...^............0...................!..............T............................................................................text............................... ..`.data...@.... ......................@....rsrc........0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\awt.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):1303040
        Entropy (8bit):6.574171008377848
        Encrypted:false
        SSDEEP:24576:syHfb94EA+3D+crQcmZD3a8MszHfeU4f0eM8wrq5i4ikXB0Xi8Md4oy2J1:/eycNciXiNryE
        MD5:9E24051A4F890EA6CB7ECA4F03873E92
        SHA1:99CD15E873E5FD4687887A998E5BE8186FDCAF39
        SHA-256:25701FECC45301E864D0D033A509951E5D1346D53A313495C201222C32B08D4F
        SHA-512:E8B694BF40C765350190573B3BC49693C7DD569EF5AC601C797FA770D857236C88835E0A7E6C1BAF056F44ADF0B17E1A44E0D99AA7079E75C63DB1FAFA84A5CB
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........t..'..'..'...'..'..&...'..&..'..&..'}.&...'..&..'!.&..'!.&..'..'...'}.&...'}.&...'}.&..'}.g'..'}.&..'Rich..'........................PE..L...v..............!.....`...................p...............................0............@.........................Pr..0....(..|........9...................0.......\..p...................@].......[..@............p..(....L..`....................text....^.......`.................. ..`.rdata.......p.......d..............@..@.data.......@...|...2..............@....rsrc....9.......:..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\client\jvm.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):5315584
        Entropy (8bit):6.77885202565967
        Encrypted:false
        SSDEEP:98304:GLoBnyOU01jEhuKqvcVa+21e3XRP2/uQ7/h2OrGLDNeNKonpw3WqgyntfGtptEuR:GLoByoEkKqvcVanc3XRP2/uQ7/h2OrGw
        MD5:4561A29E18F3A0D185CE3179C8B59811
        SHA1:410B2874E370B5848A7E74B3FF5F16C68B348BB8
        SHA-256:2CC85ECD791D0BB0E9F995322E4BC4C27ADFDEC2F6B555B9F228F429A3D6F281
        SHA-512:0D8AC1E7EA1685338E3587301A0B82A2BD70408025F0334A2423310C0430E8D41903048B6AB561B71D20B4CABDDBB03D928EED9BF9B81D720CBA3A4B32468716
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>...m...m...m..Km..m...l...m..%m...m...l..m...l...m...l..m...l...m...m..mA..l...mA..l...mA.'m...m..Om...mA..l...mRich...m........................PE..L...:..............!......=..:......R2=......@=...............................S...........@...........................I..6...GJ.h....pO.@.....................O.8...@.E.p.....................E.......E.@............@=.@............................text....,=.......=................. ..`.rdata.......@=.. ...2=.............@..@.data...P....`J......RJ.............@....rsrc...@....pO.......M.............@..@.reloc..8.....O.......M.............@..B................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\dna.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
        Category:dropped
        Size (bytes):2701824
        Entropy (8bit):6.397087659167403
        Encrypted:false
        SSDEEP:49152:HW7Qusws1Lm87loZJ05vNJcFHEVJx7iSatdWUz1zq4NarrDvVwaTRpEgUdM:HW7m/7loclcvNtrtZaXrVrzEO
        MD5:43A4F194D1BD475DF8BE444A3A541A9E
        SHA1:6AA5591C56186B378654D717890E7A7EF57E2E06
        SHA-256:19B75CAFB9A376EA352CB7DB5BCBD7B83D8CC32CFED067D41EFC0167FF0EBB8D
        SHA-512:534AD7C5785910209C63DDE4B48AA6BDD7CA1ACFD6731E7CF166FAEC810846C5CA81844311C086DB352BD0A839B50707F2C5DA6B84AABAE59423DD5E36D29891
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#........'..do...,........................................).......................................&.x.....&.......&.`.....................'..*..................................................$.&.H............................text.............................. ..`.data....'.......(..................@....rdata..(...........................@..@.bss....do....&..........................CRT.........p&.......%.............@....idata........&..0....%.............@....edata..x.....&.......&.............@..@.rsrc...`.....&.......&.............@....reloc...*....'..,....'.............@..B........................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\fontmanager.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):707072
        Entropy (8bit):6.680629415868332
        Encrypted:false
        SSDEEP:12288:L/05aO7jk9/OgHnjCAlwD4X7/TkcrFWhW0/X6:Q5aCmOAlwD4XzTkoqW0/X6
        MD5:FFFC4D904B2EE6EF06084126EFC54723
        SHA1:3F9E9E5E1B2164AA7D4B80EB52A2FC0E7742D612
        SHA-256:BEA9A43B793EE5E9EC1FE3A4A8FB66C70EA27EAF1D340D8CEC65894563CAE45B
        SHA-512:C7CFD183DEA2A77FE85C264743D362ACBF3045A3100A000CB0BF4595A6B87855752D221E51D4C3DE254FA256018262C49617070F7F66F984BD1B1D1BE1B21A5C
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u..1..1..1..8.K.?..c..3..W.%.3..c..?..c..;..c..6.....9.....6..1..............9.....0....'.0.....0..Rich1..................PE..L...Uo.S...........!......................... ............................... ............@..........................}..X...X...@...............................|C..@q..p............................q..@............ ...............................text............................... ..`.rdata...s... ...t..................@..@.data................z..............@....rsrc...............................@..@.reloc..|C.......D..................@..B................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\freetype.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):444416
        Entropy (8bit):6.7233291629141805
        Encrypted:false
        SSDEEP:12288:uy+KmKfK2G6pZsoLrYRnSftcE9AHRfEWm:uy95stRS1zA6Z
        MD5:4A2588F93EFC2DD881FCDA0FDEBC3DA2
        SHA1:BBFE68DB7AA602FCB2EE40B97188509C55C438BF
        SHA-256:DEB6FBF34937D6E0AC1ED440394432DCC54414D41BFF541BF461E248C93C037B
        SHA-512:10FC0614B9C232688756F66D6D95AE9090BFB4163E10C9B5F6E2714978F60141EF3903A238715BE545748686249CF87367C423C8EDFA93F6DF884112810BF512
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T..w:..w:..w:......w:...;..w:.v.;..w:..w;..w:...?..w:...>..w:...9..w:.*.>..w:.*.:..w:.*....w:.*.8..w:.Rich.w:.........................PE..L.....}f...........!................|........0............................................@............................................................................p...............................@............0...............................text...<........................... ..`.rdata..Z....0......................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\j2gss.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):33792
        Entropy (8bit):6.153540960210045
        Encrypted:false
        SSDEEP:768:SeJRbKoEKPizoqi/qDXTbCa3qkwi2u1yjklsd6TeLt:eFP73Ca3qkwi2uojklsd6TeL
        MD5:688B661C699D297FA91BF1CC9496925D
        SHA1:9736E9A110CC9B2EFF91BF61F714781F519659ED
        SHA-256:E906AC8AEEAE701DC610DDB8DD8211C713FE578802E290D0D23744AE23F53EC5
        SHA-512:1442B3C65F047ADEE713BE3B8012DD37E25A019D641237AA6520A95FEACDDE7A5FD9D74E14AA5B75C384BA8EBDF1FB98692A853E563EEFFC71FCB2EC4A88F404
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Y..............~............m....................................1.......1.......1.......1.......Rich....................PE..L...(.i3...........!.....B...B.......G.......`............................................@......................... ... ...@...x...................................X}..p............................}..@............`...............................text....A.......B.................. ..`.rdata.......`...0...F..............@..@.data...,............v..............@....rsrc................x..............@..@.reloc...............|..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\java.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):116224
        Entropy (8bit):6.676393258155189
        Encrypted:false
        SSDEEP:3072:paqXlHyktTPKrh9kUQsxIftGTAnbNrcGbQa:pZFykEhGIB
        MD5:ADE0F55D07E461AFF38C5FB4829B2621
        SHA1:66E55A36A1DA7867135FBDED13F2A047F061440D
        SHA-256:F2A78836F090A8799A0EAC139E65933AEAAC2EAB6ACC63F9F603B0EC7B279B00
        SHA-512:143CF638EF0226AC38AFF582C37F09A65E88F21DB5AE8CBB9373216D2344AD251D3645618E3AE465F8CA01761D6D555C9C5724E49CC75D9BFB5247BE645FB3AC
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=[..\5..\5..\5..$...\5.)4..\5.)1..\5.)6..\5.?,4..\5.)0..\5.?,3..\5.c)4..\5..\4.]5.c)1.\5.c)5..\5.c)...\5.c)7..\5.Rich.\5.........................PE..L....._............!.........................0............................................@..........................R..hA.........................................lM..p............................L..@............0.. ....Q..@....................text............................... ..`.rdata.......0......................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\java.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):37888
        Entropy (8bit):6.199341275883711
        Encrypted:false
        SSDEEP:768:0/WrG/tM8vM5R2TyJ5R3s8D/bkt5Ruz3Vb3pRs5T:0/WS/dM5RdJ5R3sozkt5RA3pRs5
        MD5:61614DAE01803AC917287B511101C3DB
        SHA1:94296ACCF74389FA1CF94108A9E402AE268F8B84
        SHA-256:0EB74B638CD964C0B29E6F67B9AA266B0FA9A48352D08419BC1D728369948BA9
        SHA-512:073EF0D5EBD1900FA3C889FD3CC610715C946D295CBD23A20B1501F41681396F590835663F8A1A477CDC2C43C5D5A160821912A113116602B796FF52FCAB2F99
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L...Yr.............................~........ ....@..................................C....@.........................P&..@....&.......@..Hn...........................!..p............................"..@............ ...............................text............................... ..`.rdata..0.... ......................@..@.data........0....... ..............@....rsrc...Hn...@...p..."..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\javajpeg.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):140800
        Entropy (8bit):6.4367807686163525
        Encrypted:false
        SSDEEP:3072:nDk3B+ABFXE4aDOGHbfeGnmNMtDUUUASi14vk2pE5:Dk3B+SFXE4aDOGHLL/cFvkd
        MD5:6AF183D27F44CB749BF55D474F02B33E
        SHA1:E253EC96F965CCFC853A4BFBADDF430EC06BA3A2
        SHA-256:A3CF0A3171B2036292CF23DD923E8576CDA893251D5FD899C5F742FCBFB62509
        SHA-512:89861213AB2F72136B5A6A41C9E2814D22C4BD453708CD8FF118107696C1D9C9C8E379AE3B9833A7F641882903A3A1867AC327967AA5DEB314AE7884616FFFC7
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F......................P.............P......P......P.................,......,............}............Rich....................PE..L......i...........!.........H......W........................................`............@......................... ................@.......................P..0.......p...............................@............................................text...)........................... ..`.rdata...4.......6..................@..@.data........0......................@....rsrc........@......................@..@.reloc..0....P......................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\javaw.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):37888
        Entropy (8bit):6.202871651600686
        Encrypted:false
        SSDEEP:768:VAziajzM5R2TyJ5R3s8D/bkt5Ruz3Vb3U+r5:azLM5RdJ5R3sozkt5RA3U+r5
        MD5:777CAC3523828605EE329E372AFA9570
        SHA1:C1EFEF51F323E3BA27E35B6979F1EB74F98D9157
        SHA-256:0F88DA0A2E3AA557ED24C758C72EF69FCE2898CB8EFF8D2CC2FA16036EC61ED4
        SHA-512:1DF4D7AC8EAD2A150229FA8CE6F50F567C68416639E97CE57AB25C92685B91E771832A3A4D624A0035BB46FC69EFD89F6DDFD0C7C66D3645F8057E860D1ED254
        Malicious:true
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................L.........................................I...............I.......I. .....I.......Rich....................PE..L........................................... ....@.......................................@.................................<&.......@..Hn...........................!..p........................... "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....rsrc...Hn...@...p..."..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\jawt.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):9216
        Entropy (8bit):5.156022742858668
        Encrypted:false
        SSDEEP:192:Uyx7G4o41NyvUdZtzQi9L98LjOTpmzPRts6lu8RlN:UysKNBdnQo8j37RyURl
        MD5:37829FA6C09A1DE70475F2D562CE276C
        SHA1:66022C315F9B38519693C5B97A00D154C069B294
        SHA-256:7194E616CA841B0628B9E7F45F3B0C470D25B0D4C5CD41D0485DFBA504261AC1
        SHA-512:DE352D83447D2716E1C75E9DB9834059144BAB3C86FC7CED9F8F360D5EF5D68C2AF2AC06586A3789205468CB33E3FAD5A3FB0BD84527A73D9C71A7FFDBDE8F45
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M...M...M...D.Y.O.......O.......F.......G.......L.......N.....O...M...j.......L.......L.....5.L.......L...RichM...................PE..L......&...........!......................... ...............................`............@.........................`%..L....%..d....@.......................P..`.... ..p...........................0!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..`....P......."..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\jimage.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):18432
        Entropy (8bit):5.823283435150848
        Encrypted:false
        SSDEEP:192:RWfQMW5PpwtopsVrzfPhiGbDc2qlIupq5I2MAqcjO1oHr8d26G9eYEljs9HfrN8P:MvAu2uZzfpiGbFT5IeqcjhL999HfrN8
        MD5:3B76754411B148CDD972BA0CA060F9BC
        SHA1:0FF74CDABD78907C3922E4181A9B58D943765ED0
        SHA-256:F64FE42E360A4746E0A2A28CBF48AACFFCAF4A739B16503314FB663763E30575
        SHA-512:EBEEA757F818A697F2FEB3E34317A779ECB43BCEE92E86F2EB3D7BC25D00C16F670CC146AEE2D89B52DB6D97A1EF1AF89A1BF74564508F0206F4F9DDEE37A4BB
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K.............W.............0.................9.............................l.......l.......l.;.....l.......Rich............................PE..L......]...........!.....&...".......*.......@............................................@..........................K..$...4L.......p..........................P....B..p............................C..@............@...............................text....$.......&.................. ..`.rdata.......@.......*..............@..@.data........`.......>..............@....rsrc........p.......@..............@..@.reloc..P............D..............@..B........................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\jli.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):68608
        Entropy (8bit):6.823089556404005
        Encrypted:false
        SSDEEP:1536:5zP6VBc5yzrThwnQVumpIODPnToIfkzIUhwWRRQm:5zP+BmyzBwnQVumDDfTBfathw4Qm
        MD5:7E2A6F8DF5E8282020B9528D4FD11607
        SHA1:58C520450DEA71FBDDCBDD8AA601BD82444AB257
        SHA-256:8F228CB7005DBB91F3214518F735A34A7CA0FE9797BAF47E9EE52B6274A55FCB
        SHA-512:225D59E45CE6F2A74DD3BFE9652C7D1D41FA0821C4F3354BE8927B70545EABD965F8AF7533230B2A8A6CA613A6157FCDCE51D4275918D229853798554B9A321E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........c..0..0..0..n0..0...1..0...0..0...1..0...1..0...1..03..1..0..0...0o..1..0o..1..0o..0..0o..1..0Rich..0........PE..L...GO.............!.........n..............................................@............@.............................t...T........ .......................0..0...4...p...............................@............................................text............................... ..`.rdata..`Y.......Z..................@..@.data...............................@....rsrc........ ......................@..@.reloc..0....0......................@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\jrunscript.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.564478703467656
        Encrypted:false
        SSDEEP:192:IujeUrZfvE3Cq9TjOlmTaP70lls82J5pz6ERxa5ARK:pjeEfsyq9TjGmK982HRo5AR
        MD5:30B93A22915353ADF3E985735A2324F9
        SHA1:9D7FC5D2E09995AADCF1EAABDE98AFD78A52F40B
        SHA-256:2BA582F71263B9357D02B09D4B24040448BB43964308BD45893E5E10AFF4A5DD
        SHA-512:5D167480DCB9BA4D53E33E752502D362561C991C27C7901503C1F323A4B1F228E132DDFE74EFE3D3ED6E58F859D8E331B743AD9C1EE0F650FE584A63C8B89643
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L.....c...................................... ....@..........................`...........@..........................&..H....&.......@.......................P.......!..p...........................p"..@............ ...............................text............................... ..`.rdata..x.... ......................@..@.data........0....... ..............@....rsrc........@......."..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\jsound.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):40960
        Entropy (8bit):6.4391165971672475
        Encrypted:false
        SSDEEP:768:0OvuheALy7FZwYV8qwFW4ahh1fT4JQc3tOF4r2c4vZOJAA:0OsLy7FZwYV8qwuh1b4JoF4n4vZOJA
        MD5:AB00C17B04E12E9C35F7891A5297ABD4
        SHA1:ABF9CB1412115AC156A1857A6F588A44C79BF5FA
        SHA-256:4959A9F8111CD761C91A15FF867B39B6AA5623E6F26E4B1BFB07FBD96A402435
        SHA-512:C324F2B3DD45F491565F24E13F038FB439D5153EA743A2B290EF0E512EFFA85C24D1368D17F5C23AAF2BD1D0774705A5FDFA91B822BBADBB6786C2B2800E3037
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................O................................g............;......;......;......;.#....;......Rich............................PE..L...p.=............!.....h...@.......n....................................................@.........................................................................|...p...............................@............................................text....g.......h.................. ..`.rdata..4&.......(...l..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\keytool.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.5467659869352826
        Encrypted:false
        SSDEEP:192:2pewRb5f3E3qD/n/JGI2jOKcc1PjGlls82J5pz6gKOa5A+qK:2pewff06D//JG9jhcir82bKj5Az
        MD5:1E6AA2909616631AAAC5C8D37C96FB70
        SHA1:A47E288A5035666CE3C6DD32E3DB41089647E202
        SHA-256:1EB0DE3ED0CCF1AFE1D696C2CA58642A7049B660A9B9822161F18FD6C3FE7CE5
        SHA-512:30778D54855D79A02DE010DB1C93B45E647744B4BD851F098C9B11895FFEA5D6EE690617FDD471C7846037796D89E7E8AAC6D95D64CA236739BDAF9BA074CB4B
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L....Z.B..................................... ....@..........................`......M.....@..........................&..D....&.......@.......................P.......!..p...........................H"..@............ ...............................text............................... ..`.rdata..t.... ......................@..@.data........0....... ..............@....rsrc........@......."..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\kinit.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.5557421672725456
        Encrypted:false
        SSDEEP:192:55ewRb5f3E3qD/n/JGIrajOYDMNPjdjlls82J5pz6wPEQa5AAK:55ewff06D//JGEajjIpJ482DPEZ5AA
        MD5:23015C30E3223AE30DF9D6B9C03C5F39
        SHA1:E66C83E06B514750C78E5D7DD1146737806A4483
        SHA-256:984EC51776C8205155FD4C147364D636BD61F40D6FF703F3D8E3A931F81E30A6
        SHA-512:B9F2B22BD491D920A29E04F509CC0EA7B915642FA2D3A2F5B0A9C4048288057039C0BDCAF1B31C15ED37588EA023CA2B53F149617B750331F0D3B1A98D99AF1F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L............................................ ....@..........................`............@..........................&..D....&.......@.......................P.......!..p...........................X"..@............ ...............................text............................... ..`.rdata..t.... ......................@..@.data........0....... ..............@....rsrc........@......."..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\klist.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.55385782736454
        Encrypted:false
        SSDEEP:192:z5ewRb5f3E3qD/n/JGIrajOoLPPj1lls82J5pz6IUqa5AAK:z5ewff06D//JGEajTjC82bUn5AA
        MD5:7E5D3DD741C932F221B5AD2221728296
        SHA1:26435F7A82477FABCE837A439BF541F33933AD4E
        SHA-256:30B7A484A2E2CF1BDEA444C1F44561BAD388089155E3ACB093D2FC52EDA19B91
        SHA-512:A4054DB69A4412A878700E26B5F545248D2269C721DA8C81C3B99C70EA07993E7AE3A65050C410FDBC7C0D71EE5FA6C80BCCCFEE24FF5A84A7E3B4603248CF12
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L...C..!..................................... ....@..........................`......%.....@..........................&..D....&.......@.......................P.......!..p...........................X"..@............ ...............................text............................... ..`.rdata..t.... ......................@..@.data........0....... ..............@....rsrc........@......."..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\ktab.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.5502642163327875
        Encrypted:false
        SSDEEP:192:75ewRb5f3E3qD/n/JGIrajO8nAlPTfAlls82J5pz66hRa5ACK:75ewff06D//JGEaj7OZ82FhI5AC
        MD5:A84228B4062901C51499E82BEAE51694
        SHA1:EFAEF972104F7F9CFE4E8433986A45DC42E85495
        SHA-256:A3F1579DED60F2A512B0D62C4E08E8105ECA0987419B20FE88A25881E4E086F7
        SHA-512:4E286EF2A9493C146615BFEB2E2059A079583A2E8DE469A314F9DD49445BFC27C0FE9FA60E8E7995E9AA2D2A54875CF675AF636292B1A0BBDD12A096AA5F209E
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L....7....................................... ....@..........................`............@..........................&..@....&.......@.......................P.......!..p...........................X"..@............ ...............................text............................... ..`.rdata..p.... ......................@..@.data........0....... ..............@....rsrc........@......."..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\lcms.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):202752
        Entropy (8bit):6.380030505350821
        Encrypted:false
        SSDEEP:3072:klvE1MyCBrxke9+z09VYtuv3Okv4w4IR94gY10BWM3q2Ku2d8wu7Qbw+DHDhv10f:kQYxv+ft6lzb7aWWduKgADhv109Ff
        MD5:58CABC6A7DF21C2486FC0F50B15BB121
        SHA1:C320EDBC3BFD7FDDC3538FA875DB0CB600EAA6CA
        SHA-256:570A9532EF2157A82CD2B50C86CD4107E23719EC5C9AE18278CD12F100E15277
        SHA-512:3DA9D2276E79A0B5EA06F63C25FC33E07C2348D08736A3485D6EDA0BCFB1D270BA3653BB66CB03ACDE6ED800CB7CAB51CE3CA4CD524CD78DDDDEFB787895E96F
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Fo;.'.h.'.h.'.h._.h.'.h.R.i.'.h.W.i.'.h.R.i.'.h.R.i.'.h.R.i.'.hER.i.'.h.'.h.'.hER.i.'.hER.i.'.hER.h.'.hER.i.'.hRich.'.h................PE..L..................!.....t..........tz.......................................p............@.........................`...(............@.......................P..........p........................... ...@............................................text...Fs.......t.................. ..`.rdata...].......^...x..............@..@.data....E.......*..................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\management.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):16896
        Entropy (8bit):5.499534311795455
        Encrypted:false
        SSDEEP:384:fPM9VdAZapijhLAT8jp/KtEarvHvuvvFtYRmdvuH6:2aaYR8UKtGFtY2uH6
        MD5:E624C057B4443DEC7E90A8F2FD79B7F3
        SHA1:44F2247E4099531CB5F7D5BA04B2C77B41626943
        SHA-256:56B201116F0C1083E058918B7572BA112CA970FF18B710B534D7E1336656D962
        SHA-512:22BCC69824AEA987AF0490C2903D0E60ADD98412CD09F35687DF1EFF390D3997C9DA2C1C51E41EE2C367D436B3115D80DC7512F7FF409FE60C49C86E908857C8
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........[..w...w...w.......w..v...w.o.v...w..r...w..s...w..t...w.3.v...w...v...w.3.s...w.3.w...w.3.....w.3.u...w.Rich..w.........PE..L.................!.........*...............0............................................@..........................6......pH.......`.......................p.......2..p............................2..@............0...............................text...X........................... ..`.rdata.......0......................@..@.data........P.......8..............@....rsrc........`.......:..............@..@.reloc.......p.......>..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\mlib_image.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):409600
        Entropy (8bit):6.485952021660731
        Encrypted:false
        SSDEEP:6144:tNWV8pb1V2XfVW5x6Rv3FAqKcyIn5jzVx++AilRVfzD0Hq+Qk:tNWV8pb1MmkRv3FAT2Rz6+Ai3VkxZ
        MD5:F08FCF0CEDB33F51CFE00260FDDA08C4
        SHA1:6F34D25161D734808915510E68D240A8AA723251
        SHA-256:F2583C7B0764F283512D14F3CF7492AAE6BE7556390C62E7B342467F14737CF5
        SHA-512:DBACF5C2CBA40164E2063114E5E4667E1BB211AE7DC3900F7FC233E6EC96D81290AFAD5D9EE04C1CBAB5CD51DBF2CB5584A95C7C2F5DD5F9A62D35949BBE3625
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........w.\^...^...^...WnV.X....c..\....f..]...^...x....c..R....c..T....c..Z....c..l....c.._....c:._....c.._...Rich^...........................PE..L..................!.....f.........._l....................................................@..........................8..$....9..d....P.......................`.......3..p...........................`4..@...............t............................text...Gd.......f.................. ..`.rdata...............j..............@..@.data........@.......(..............@....rsrc........P.......*..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\msvcp140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):436616
        Entropy (8bit):6.647453543674329
        Encrypted:false
        SSDEEP:12288:/gc0BGzePo6+J+4P0xYv7IQgVhUgiW6QR7t5s03Ooc8dHkC2espkWK:R01Po6+J+dxYv7IQgy03Ooc8dHkC2egD
        MD5:0A0042FE544C91CD57BC2F7EF40BB974
        SHA1:8BF31F44BA3E47B8B186C3D8CC219A4D2F67DA63
        SHA-256:4190F0A1306257CED4975448794E1D42BE312E334FFCCFB4910A4A39CDE9DF57
        SHA-512:C4C56C06CD40213EBDCEAD6A256510B44BEEFC3A18D7F84EFEBCD05BAC7BB1B942F97B7F7798420CA8FF0C1592F32301D751554FB63125B4703FEADFCED2F6BE
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.. 4.os4.os4.os..nr6.os=..s".os4.ns..osf.nr7.osf.kr?.osf.lr<.osf.jr..osf.or5.osf.s5.osf.mr5.osRich4.os........................PE..L...+.-a.........."!.........~...............0.......................................o....@A.........................T......<c...........................#.......6...W..8............................W..@............`..8............................text...b........................... ..`.data...L(...0......................@....idata.......`.......2..............@..@.rsrc................J..............@..@.reloc...6.......8...N..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\net.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):71168
        Entropy (8bit):6.426486860984056
        Encrypted:false
        SSDEEP:1536:PeDAUeS9+jTHuedzlu1jFTdyZMh2VeUhTdtGVWS+h:+AEITu51jFTdyBXcVWS2
        MD5:F97578BB2A6AF29BBE82690D266D1AFA
        SHA1:B477FF07F24BA8203651335ED189D90CFB5CAF56
        SHA-256:E48D431AE9A6B3803FD333617AF80EC69449574DC86A786801920484E5E0472F
        SHA-512:8289B738247130026F191A5E4A3A427DE9309F39BE7A12C2D9B9841DFBAA177E2835314C166AC81518F8C76A370DF19D0DAD76D87C184CC8DFFECA050D603157
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........4..Z..Z..Z......Z...[..Z...^..Z...Y..Z..._..Z.P.[..Z..[.e.Z...[..Z...^..Z.P.^...Z.P.Z..Z.P....Z.P.X..Z.Rich.Z.........PE..L....W8x...........!.........h..............................................@............@.........................P.......X........ .......................0..........p...............................@.......................`....................text............................... ..`.rdata...L.......N..................@..@.data...............................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\nio.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):55808
        Entropy (8bit):6.428559994024487
        Encrypted:false
        SSDEEP:768:5yIFdHQi6+6IPHP9FryGp83NwPkbp/6PZ4CbqdpLBXHgrG1+IjGeHwqCdLBXkZDW:5y+HQO6OHCxJ1/mvq5ZDfNxf
        MD5:4220996BD4C1D23296F50E2DA94A5457
        SHA1:2687788CE196A19969A8A5C72D076F16153A5876
        SHA-256:DAA6706D802DFAEE49299D2520A89D6E9AD8E377632F0C118A47219B601B3254
        SHA-512:1DFD0BE37B90BE6C5B431E5E1FD0F36608B6B7FA653E4E84F713C104720DF9230AAF026ABA0E67AD6A794D790A0E414A3F5FE0BE791B4F52524859E6B6F01E82
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................._..............................................A......................3...........Rich............PE..L...>y.7...........!.....t...h......K{....................................... ............@......................... ....0..........................................\...p..............................@............................................text....s.......t.................. ..`.rdata...S.......T...x..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\prefs.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.383484517687554
        Encrypted:false
        SSDEEP:192:maQjw4Mb2uWP3Zlgz03/DPQWOjOjyKNg28XtVb5lneccNt3ljsvjEjYP1ie2:mAbggzMDPojYyKNr81lneVNtuvjEjYH2
        MD5:DE991DC8988607BC9CE7B22EF04665ED
        SHA1:652CE353CD19B29A69F47C603377360337DDE9B6
        SHA-256:9A22CB96231F845550DD5EAE405732D55F25998B69623CE36D3804744D10E361
        SHA-512:A3D70D1054C730AF89913FA38B487B8E593B9475FD2BF406AC04117E0BE8315836A234D78463EAF0EDEF6BCC7528CD9BAB915101AA84AD694497062C7A170100
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:r..T!..T!..T!...!..T!..U ..T!..Q ..T!..P ..T!..W ..T!q.U ..T!-.U ..T!..U!..T!q.P ..T!q.T ..T!q..!..T!q.V ..T!Rich..T!........PE..L...8.............!.........................0...............................p............@..........................5..h....9.......P.......................`..|....0..p...........................p1..@............0...............................text...x........................... ..`.rdata.......0......................@..@.data........@.......&..............@....rsrc........P.......(..............@..@.reloc..|....`.......,..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\rmi.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):9216
        Entropy (8bit):4.930213616309824
        Encrypted:false
        SSDEEP:192:7NF0ozpyCRL0eAi9LFp2LjOORobWs6lubbtzf23:fACRxAoTAjTwDbtzf
        MD5:E7784593C7432D8DCE63F95A4751FB3C
        SHA1:D8A4A247F16BEABD0F1356B1197E595133443836
        SHA-256:9F4AA526779AC8025313A42CBEFF73ED60A883484C3F9D01C851DCAB979B8347
        SHA-512:3CA63E8BBA08CCDF5886FD0609B0FF95C7F4696F3DFBE46ADD34C9531A2BB873BC58D7029CDFCDCAE673218930E0CE681724922BB846AD2F58B8CB2CBD920231
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'.M.I.M.I.M.I.D...O.I...H.O.I.H.O.I...L.F.I...M.G.I...J.L.I...H.N.I.M.H.m.I...M.L.I...I.L.I.....L.I...K.L.I.RichM.I.................PE..L....YM...........!................N........ ...............................`............@.........................`%..p....%..d....@.......................P..D.... ..p............................!..@............ ..p............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..D....P......."..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\rmiregistry.exe

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):11776
        Entropy (8bit):5.540967999790028
        Encrypted:false
        SSDEEP:192:ZpewRb5f3E3SD/n/JGI2jO7VXwP73lls82J5pz6ceQa5A+IK:Zpewff0iD//JG9jMVgw82feZ5Ax
        MD5:9412217874607E025FAEC40154B4BBC3
        SHA1:2AAEC40FD27979920D09BF0E79EA21E472CFFF33
        SHA-256:6A2172A9B6DB2F54AB7F9CF76A89FCCF06F6C3B8E4DBACE42467CFE151EAC835
        SHA-512:26214DBDBBC1A5FC17E646B5C84A6CBCABF5887494B9915677A526E65CDAB505E3EA34A2159ED08B87B667AE88F3152C8B58649B46D7395C7D30B430AC57339D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................s.........................................Y...............Y.......Y.......Y.......Y.......Rich....................PE..L...}.o...................................... ....@..........................`......P.....@..........................&..H....&.......@.......................P.......!..p...........................H"..@............ ...............................text............................... ..`.rdata..x.... ......................@..@.data........0....... ..............@....rsrc........@......."..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\server\jvm.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):8404992
        Entropy (8bit):6.767421080836342
        Encrypted:false
        SSDEEP:196608:No3CGbOh15QynCivkgo25cwa9hagdCLWG8V7C4DjTwh/uLGSdCFBGwe2YAgmpWpZ:W3CGbOhHnCivkgo25cwa9hagdCLWBV7v
        MD5:5D52B30FB84AA476E3E55D2ED93A8581
        SHA1:EFB96C941F4F966739CACE6D06E96307AF1E150F
        SHA-256:3C9B1D2DB9F38B849BA8E7494BBB9A7BFFCCA6F8A97BFA4B32E18FC8E6DF5AFF
        SHA-512:59FF7AA2775FC4E54C5B8C75CA320EDA26977DF715ADF6B28C74E5C94C55AC3866CD7852C622212FAAE8CD3ED1B14D395036F6D9649F290DDA3890F6D52E34E5
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x[...5...5...5..a....5..l4...5..v...5..l1...5..l6...5..l0...5.*i4...5...4...5.vl0...5.vl5...5.vl...5.......5.vl7...5.Rich..5.................PE..L...<..............!......]...$.......].......^...........................................@...........................r..-..h7t.h.... {.@....................0{.....,.l.p.....................l.......l.@.............^.P............................text... .].......]................. ..`.rdata...?....^..@....].............@..@.data........Pt..4...6t.............@....rsrc...@.... {......jx.............@..@.reloc.......0{......px.............@..B........................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\splashscreen.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):179200
        Entropy (8bit):6.801985240387737
        Encrypted:false
        SSDEEP:3072:RrwGlwhGjgAdKp57eNTMEExlm5ebFKliGlrPN3fJk8KdcXOHCzJXuRsGJvfXTBfS:RrwGwKdKvKVhExMpgGlr9fmldiumGJvE
        MD5:EBDF22D9F64C05E1D8FCF3AE881D95BC
        SHA1:CF1493C594BEE5742D67FC1DD7560975A0A63BA6
        SHA-256:9B01CE127C577FCE996A2235E057CE721097EA35B73CEDFFE8DCEECA23087221
        SHA-512:DA481DDD5A7433B887858A0820D97162E9A970CB02750644776D4534F8D21557FD6AC511E6319BAB1134DDE23DBC739CB005349730AEC60119823819F43CCFB4
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........B.9.#.j.#.j.#.j.[Zj.#.j.V.k.#.j.L4j.#.j.V.k.#.j.V.k.#.j.V.k.#.j.V.k.#.jNS.k.#.j.#.j##.j.V.k.#.j.V.k.#.j.V.k.#.j.V6j.#.j.V.k.#.jRich.#.j........................PE..L.................!......................... ............................... ............@.............................,...............................................p...............................@............ ..p...D...@....................text............................... ..`.rdata....... ......................@..@.data....1..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\sspi_bridge.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):28160
        Entropy (8bit):6.069336980484323
        Encrypted:false
        SSDEEP:384:TU3CjvqeA5ieA9PpH+OZ4aPTRsCoKFlq+0lkLAcTjd/0taKLm5wHA9yl:TUYvqhA9PMOPTOs0lDRLm5wEo
        MD5:E25E2146B6F26369115CBC6679719208
        SHA1:9B15667893F24D0EF89182B5E164A1110FE9CACE
        SHA-256:561BDCEB5AE68E1DA8070F9C40BAAC8E6583F285891CB724E6355F9280D4FD5F
        SHA-512:838C3BBCBE736525083911CC2B6CF4E6894FE9F22034434CE91E155B6DED20E1E1CFD6C1277CA988E1970A4E847A622A23CAD3E8CC8364DFE53C0BF9CA4F6A58
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D.=N%vnN%vnN%vnG].nD%vn.PwoL%vn.ProD%vn.PuoL%vn.UwoK%vnN%wn.%vn.PsoZ%vn.PsoO%vn.PvoO%vn.P.nO%vn.PtoO%vnRichN%vn................PE..L.....K............!.....<...2.......@.......P............................................@.........................pe..`....h......................................<^..p............................^..@............P.. ............................text....:.......<.................. ..`.rdata... ...P..."...@..............@..@.data...8............b..............@....rsrc................d..............@..@.reloc...............h..............@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\ucrtbase.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):1117136
        Entropy (8bit):6.786901390487033
        Encrypted:false
        SSDEEP:24576:fh8isthAmAuXv5jrKc5Xv2mcvIZPoy4R0Nt:58isgwjrKc5XvM0Nt
        MD5:2357E85AFEA76C3E143D14D4D5EEADDD
        SHA1:EF68655D4119BE43B152BEC0F1C16E50F720AA8B
        SHA-256:5E0570E228A3D602227168D56BBAF42FE9E928EDB503B8B09F443B2A297F57DF
        SHA-512:75AB477BA48570560908A1D998C503B65BD93808AB90C0AACD451ABAF6D52C7DC6643B37969D665B019F97F7452032182E010CFAB1E35E081CB59B70EA705C6B
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........c.|.0.|.0.|.0..40.|.0.|.0p|.0..Z0.|.0...1.|.0...1.|.0...1.|.0...1.|.0...1.~.0..X0.|.0...1.|.0Rich.|.0................PE..L...M..1...........!.....(...................@...............................0.......H....@A........................@Z......tb...........................!......4...\...T............................"..@............`..p............................text....&.......(.................. ..`.data...,....@.......,..............@....idata.......`.......<..............@..@.rsrc................R..............@..@.reloc..4............X..............@..B................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\vcruntime140.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):76152
        Entropy (8bit):6.765545830906817
        Encrypted:false
        SSDEEP:1536:L2HuqvERNjBwySXtVaSvrgOFw9RxKMniecbCerlLi:L2HZMRNjKySdLcOiHiecbCerhi
        MD5:AFA8FB684EDED0D4CA6AA03AEBEA446F
        SHA1:98BBB8543D4B3FBECEBB952037ADB0F9869A63A5
        SHA-256:44DE8D0DC9994BFF357344C44F12E8BFFF8150442F7CA313298B98E6C23A588E
        SHA-512:6669EEC07269002C881467D4F4AF82E5510928EA32CE79A7B1F51A71BA9567E8D99605C5BC86F940A7B70231D70638AEB2F6C2397EF197BD4C28F5E9FAD40312
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........i.............................................................Rich....................PE..L...+.-a.........."!.........................................................@............@A......................................... ..................x#...0.......#..8............................#..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\verify.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):36352
        Entropy (8bit):6.281692650674674
        Encrypted:false
        SSDEEP:768:qkAx8NJ7RtYyyHUKSLAIb8rHVPsrCbgn54igdnq0oyhWFoH72S:qkAx8NJ7XYzqso6higd9o5FoH72S
        MD5:54E2C3E2CBA43E604B4D47CECF708717
        SHA1:2FB4A04D406BCE926880B5CF9E7A7AC458E1DD2D
        SHA-256:006A44F8F93E2E76B28AD791E0A905DCB34FC36672C630FB17D4C798549F86EF
        SHA-512:8A639815C989FF49CEF834B9A7FA6547A97470AC544EB236A23376C6FEEFC0B846C2B2366D057BB1794703B3C6D3B235824A73008891BE7689AEFB743356DD62
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-.._i...i...i...`.K.o...;...k.......k...;...b...;...c...;...h......j...i..."......h......h....'.h......h...Richi...........PE..L.../..<...........!.....V...8.......[.......p............................................@......................... ...X...x.......................................\...p..............................@............p..$............................text....T.......V.................. ..`.rdata..4$...p...&...Z..............@..@.data...X...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\w2k_lsa_auth.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):17408
        Entropy (8bit):5.748565819393912
        Encrypted:false
        SSDEEP:384:I1+tAImO5jVW09bLvMjaT6YnwNoZTUHikOHEbGGGGNET7T7T7T7H/uLeW6/Sw4Bj:U+tAIXB/bL5T6YnwNoZTUHikOHEbGGGl
        MD5:84B2C8405C942C98BF183AA3A59A6583
        SHA1:F23C3966120CC514A6BBD12F32AAEF7F12FEE1CF
        SHA-256:F5EC4871E29E9C2120A82BA19F54BEA0EC0745E95BF07ABB03D510520AE57A0F
        SHA-512:3ECE03A0448EF873F6A33331B45B717132EF5C1FD35B72994ECD563900D638E96B72F332A577591758D659B98FD26A223B3E1EB0CA9C70C54F0AC61479D671C1
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N../.../.../...W!../...Z.../...Z.../...Z.../...Z.../..._.../.../.../..#Z.../..#Z.../..#ZM../..#Z.../..Rich./..........PE..L...I.4k...........!.........&......p#.......0............................................@......................... @.......A.......`.......................p......l;..p............................;..@............0...............................text...4........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....rsrc........`.......<..............@..@.reloc.......p.......@..............@..B................................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\bin\zip.dll

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):68096
        Entropy (8bit):6.744110791526747
        Encrypted:false
        SSDEEP:1536:3Vqdo7kc2aMHFeBUbNlW9EJIOQIO8GnToIfSVqxy:wOkcLMHFeB6Nle4G8yTBfSVqx
        MD5:0A6DBD5A3BC89A43F3B057262D0425B3
        SHA1:2CF05CA2DDED11F7D43E4659065040BFC1331887
        SHA-256:EC9EA43A928B6A8E793EAE03078FAB0BFE0985EE4FB9D9BB4F7DA0C22154B450
        SHA-512:9C710901A0D1F667125525D6A91DCBA824E3CBA52B40001CD9054B85C466997DFCFAFA59E8BF0AAE63F3AC66D91E68A164A87E7B62E0D8088634A40FAF775E4D
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................$..................J......................V...........V......V......V.H....V......Rich...........PE..L......S...........!.........h...............................................@............@.................................h........ .......................0..,.......p...........................`...@............................................text...]........................... ..`.rdata...X.......Z..................@..@.data...............................@....rsrc........ ......................@..@.reloc..,....0......................@..B................................................................................................................................................................................................................................................................................................

        C:\Program Files (x86)\PWMinder\runtime\conf\logging.properties

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):2732
        Entropy (8bit):4.543704203888891
        Encrypted:false
        SSDEEP:48:EmdSDPz08pRNYHjwsnkYXxInhkOGk1xdvTMgQI:GjA3Hjw5l1XrMVI
        MD5:0F00EC3E7A7767A4EFEAE1875FB5F3D4
        SHA1:167808418571E9209B952188DDAB2F4E62920E68
        SHA-256:B62D2733AB99556B108A1951D894C5A8D76B1AC7A00C02C388F9EB9BE046C56F
        SHA-512:E869F4A3B821A9933796DC9A56EE00483493369DFBFE07B3B1D895CB8318C6821CD44134EB37513F15B830C25861B596646824ED56672D08B678FEFE6A4C7504
        Malicious:false
        Preview:############################################################.# .Default Logging Configuration File.#.# You can use a different file by specifying a filename.# with the java.util.logging.config.file system property..# For example, java -Djava.util.logging.config.file=myfile.############################################################..############################################################.# .Global properties.############################################################..# "handlers" specifies a comma-separated list of log Handler.# classes. These handlers will be installed during VM startup..# Note that these classes must be on the system classpath..# By default we only configure a ConsoleHandler, which will only.# show messages at the INFO and above levels..handlers= java.util.logging.ConsoleHandler..# To also add the FileHandler, use the following line instead..#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler..# Default global logging level..# This s

        C:\Program Files (x86)\PWMinder\runtime\conf\net.properties

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):6671
        Entropy (8bit):4.786259481951573
        Encrypted:false
        SSDEEP:96:6ATE+VEtGObfObz3Ob6Onte3CO0V+r/aJ7SFXtqBZUT+gTzDuBnZkRnF:/LVGG4f4z346et5m27SnCgTe9GnF
        MD5:385443B7E4A37BC277C018CD1D336D49
        SHA1:B2C0DFB00BF699E817BDD49B14BC24B8D3282C65
        SHA-256:5BC726671936E0AF4FDF6BED67D9E3A20A92C30B0BA23673D0314BAA5E3FFB08
        SHA-512:260AFC7671A1DC0C443564F1D10386F0B241BB53C76DF68D8D03F1D0B1CEAF3F68847AB3477732C876C2B01C812EF7521744BEFE88E312F3AA63164B608B67A1
        Malicious:false
        Preview:############################################################.# Default Networking Configuration File.#.# This file may contain default values for the networking system properties..# These values are only used when the system properties are not specified.# on the command line or set programmatically..# For now, only the various proxy settings can be configured here..############################################################..# Whether or not the DefaultProxySelector will default to System Proxy.# settings when they do exist..# Set it to 'true' to enable this feature and check for platform.# specific proxy settings.# Note that the system properties that do explicitly set proxies.# (like http.proxyHost) do take precedence over the system settings.# even if java.net.useSystemProxies is set to true...java.net.useSystemProxies=false..#------------------------------------------------------------------------.# Proxy configuration for the various protocol handlers..# DO NOT uncomment th

        C:\Program Files (x86)\PWMinder\runtime\conf\security\java.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):2180
        Entropy (8bit):4.44345130079058
        Encrypted:false
        SSDEEP:24:VP2hdA1rjIw9c3BBgqyYnhpwcdpULSELuodwZdw1yEQwSR:IA1rkw9cBgc1dKly
        MD5:FBF2B55342947695AA2A15E3485ED29F
        SHA1:A04C23F61D2958FC1E9882509927B43CAB0E799C
        SHA-256:F2A00A1DEC3B7A097F0815F338A84717BA1017D5D7AAE96D842D2188D67C3250
        SHA-512:35FFE47EB7D404785E5BEF3F1F26629F5DC04C54F9DCB082A250DA367414095B024E6486AD0332CEBE0348A2F972E9D58979C8C86AB9753F72FF0727BDA07C1C
        Malicious:false
        Preview://.// This system policy file grants a set of default permissions to all domains.// and can be configured to grant additional permissions to modules and other.// code sources. The code source URL scheme for modules linked into a.// run-time image is "jrt"..//.// For example, to grant permission to read the "foo" property to the module.// "com.greetings", the grant entry is:.//.// grant codeBase "jrt:/com.greetings" {.// permission java.util.PropertyPermission "foo", "read";.// };.//..// default permissions granted to all domains.grant {. // allows anyone to listen on dynamic ports. permission java.net.SocketPermission "localhost:0", "listen";.. // "standard" properies that can be read by anyone. permission java.util.PropertyPermission "java.version", "read";. permission java.util.PropertyPermission "java.vendor", "read";. permission java.util.PropertyPermission "java.vendor.url", "read";. permission java.util.PropertyPermission "java.class.version", "read";.

        C:\Program Files (x86)\PWMinder\runtime\conf\security\java.security

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):58403
        Entropy (8bit):4.930833501920088
        Encrypted:false
        SSDEEP:768:rfBzVIMtipMfSyvqOpjt1p+SiIj4sjyaF/IJnoIqHihz3oFoBfCDqrsoZ9d5eDF:rIMy8SiqOpjt1p5/jCG/UoQhzYKpNnCF
        MD5:0A750027C4C6AAC1F2ADBCF0CB61D5AA
        SHA1:62FA8FA8BBBF09264C5DB08D2229B01C3DFD911C
        SHA-256:F9B32ADEEE2ED2D3EA558CCC0DC5023EC9474BE301CF83FA09067B2A2A73D15F
        SHA-512:FD9BF2410F53824D8F593A3266A572D414EA90FF14E20C0EE454716BE0B652BEB74F2B79F10E6C8A7E81FE54818C0EEED2C1CE6C7C778A09AD60FEFDDA92A23E
        Malicious:false
        Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag

        C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\README.txt

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):2390
        Entropy (8bit):4.7611843972228405
        Encrypted:false
        SSDEEP:48:E8GAAhgyWyrLrDltqTiPpFbZcX9Ux7VNCVp7hbiqIPb1KAI3ry:wDFbDEiP72X9UxINhbJIPpGy
        MD5:3D47D94BC4F19D18BCC8B23F51D013AF
        SHA1:A97CD312D6A2A9C8C780C15E5AF51A2F4F97C2CB
        SHA-256:6DA0747334B0FEA7592FD92614B2BBC8B126535E129B1FEE483774D914E98EB5
        SHA-512:68A031264CF9442526307364CA74B336AF55564C233C2F514CAC48E910022767562F8FF6A64BB9CFCBF0FB5E755289273382C9246418A4B9207FC7761D03C64E
        Malicious:false
        Preview:. Java(TM) Cryptography Extension Policy Files. for the Java(TM) Platform, Standard Edition Runtime Environment.. README.------------------------------------------------------------------------..Import and export control rules on cryptographic software vary from.country to country. The Java Cryptography Extension (JCE) architecture.allows flexible cryptographic key strength to be configured via the.jurisdiction policy files which are referenced by the "crypto.policy".security property in the <java-home>/conf/security/java.security file...By default, Java provides two different sets of cryptographic policy.files:.. unlimited: These policy files contain no restrictions on cryptographic. strengths or algorithms.. limited: These policy files contain more restricted cryptographic. strengths..These files reside in <java-home>/conf/security/policy in the "unlimited".or "limited" subdirectories respectively...

        C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\limited\default_US_export.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):146
        Entropy (8bit):4.527560331114326
        Encrypted:false
        SSDEEP:3:RFWDci4MRvKJHJu3dfeHFGoF+FXGGNNLc0WLVyIGNp5MOsVn9:jq4MR6H82Hf83o0DITOs59
        MD5:1A08FFDF0BC871296C8D698FB22F542A
        SHA1:F3F974D3F6245C50804DCC47173AA29D4D7F0E2C
        SHA-256:758B930A526FC670AB7537F8C26321527050A31F5F42149A2DDA623C56A0A1A9
        SHA-512:4CFCA5B10CD7ADDCFF887C8F3621D2FBEC1B5632436326377B0CE5AF1AE3E8B68AC5A743CA6082FC79991B8EEC703A6E1DFD5B896153407AD72327753222FDB3
        Malicious:false
        Preview:// Default US Export policy file...grant {. // There is no restriction to any algorithms.. permission javax.crypto.CryptoAllPermission; .};.

        C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\limited\default_local.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):647
        Entropy (8bit):4.651231515753206
        Encrypted:false
        SSDEEP:12:jtGrnXjZnhQBI9hcv2/9BW3iVKXYU/9pY/9xl:krj1A8imGiVk6xl
        MD5:6D7B4616A5DBA477B6B6D3F9A12E568F
        SHA1:7FB67E217C53A685CB9314001592B5BD50B5FBB9
        SHA-256:2B2627548E61316150D47FFC3E6CAD465CA05B3CCCD4785EB7D21AA7BAA0F441
        SHA-512:A0B98CBBB49184DF973BB2C4A506E9BC6E025A696BC0C8054A6352CC3F9B4A38E3BAF117C6834DDADDC38498556607ED4EDA8F1BC683F662D61DA50E0DB0C8C2
        Malicious:false
        Preview:// Some countries have import limits on crypto strength. This policy file.// is worldwide importable...grant {. permission javax.crypto.CryptoPermission "DES", 64;. permission javax.crypto.CryptoPermission "DESede", *;. permission javax.crypto.CryptoPermission "RC2", 128, . "javax.crypto.spec.RC2ParameterSpec", 128;. permission javax.crypto.CryptoPermission "RC4", 128;. permission javax.crypto.CryptoPermission "RC5", 128, . "javax.crypto.spec.RC5ParameterSpec", *, 12, *;. permission javax.crypto.CryptoPermission "RSA", *;. permission javax.crypto.CryptoPermission *, 128;.};.

        C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\limited\exempt_local.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):566
        Entropy (8bit):4.521178196551511
        Encrypted:false
        SSDEEP:12:jtGrnXjbIbnPp7U5fKBuDeHHxYzKBuKKX8HHxYAKdKBuKfFxZwn:krjmnPp7UBKY6HHxoKYRX8HHxYvdKYKq
        MD5:4CBB03F484C86CBEA1A217BAAE07D3C9
        SHA1:EE67275BC119C98191A09FF72F043872B05AB7FD
        SHA-256:8C3D7648ABCD95A272CE12DB870082937F4D7F6878D730D83CB7FBB31EB8B2C9
        SHA-512:2BD70518AED6B0E01C520C446830C5F567FA72974548818CAC3E1E5C2BE6F03DB78CE6012F5463B1E19C36243D04CBAAD38EC79524635EAAE2E427EB1875CCDB
        Malicious:false
        Preview:// Some countries have import limits on crypto strength, but may allow for.// these exemptions if the exemption mechanism is used...grant {. // There is no restriction to any algorithms if KeyRecovery is enforced.. permission javax.crypto.CryptoPermission *, "KeyRecovery"; .. // There is no restriction to any algorithms if KeyEscrow is enforced.. permission javax.crypto.CryptoPermission *, "KeyEscrow"; .. // There is no restriction to any algorithms if KeyWeakening is enforced. . permission javax.crypto.CryptoPermission *, "KeyWeakening";.};.

        C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\unlimited\default_US_export.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):146
        Entropy (8bit):4.527560331114326
        Encrypted:false
        SSDEEP:3:RFWDci4MRvKJHJu3dfeHFGoF+FXGGNNLc0WLVyIGNp5MOsVn9:jq4MR6H82Hf83o0DITOs59
        MD5:1A08FFDF0BC871296C8D698FB22F542A
        SHA1:F3F974D3F6245C50804DCC47173AA29D4D7F0E2C
        SHA-256:758B930A526FC670AB7537F8C26321527050A31F5F42149A2DDA623C56A0A1A9
        SHA-512:4CFCA5B10CD7ADDCFF887C8F3621D2FBEC1B5632436326377B0CE5AF1AE3E8B68AC5A743CA6082FC79991B8EEC703A6E1DFD5B896153407AD72327753222FDB3
        Malicious:false
        Preview:// Default US Export policy file...grant {. // There is no restriction to any algorithms.. permission javax.crypto.CryptoAllPermission; .};.

        C:\Program Files (x86)\PWMinder\runtime\conf\security\policy\unlimited\default_local.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):193
        Entropy (8bit):4.403143222843641
        Encrypted:false
        SSDEEP:3:RF9QnzMGFgZJgQFcxqNGMRCKxGXcjQqbvUWeHFGoF+FXGGNNLc0WLVyIGNp5MOsn:j9Qna3FcxuwTXjkUZHf83o0DITOs59
        MD5:2A0F330C51AFF13A96AF8BD5082C84A8
        SHA1:AD2509631ED743C882999AC1200FD5FB8A593639
        SHA-256:8D8A318E6D90DFD7E26612D2B6385AA704F686CA6134C551F8928418D92B851A
        SHA-512:2B0385417A3FC2AF58B1CBB186DD3E0B0875E42923884153DEEE0EFCB390CA00B326ED5B266B3892D31BF7D40E10969A0B51DAA6D0B4CA3183770786925D3CDE
        Malicious:false
        Preview:// Country-specific policy file for countries with no limits on crypto strength...grant {. // There is no restriction to any algorithms.. permission javax.crypto.CryptoAllPermission; .};.

        C:\Program Files (x86)\PWMinder\runtime\conf\sound.properties

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1210
        Entropy (8bit):4.681309933800066
        Encrypted:false
        SSDEEP:24:va19LezUlOGdZ14BilDEwG5u3nVDWc/Wy:iaLGr1OsS5KnVaIWy
        MD5:4F95242740BFB7B133B879597947A41E
        SHA1:9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C
        SHA-256:299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
        SHA-512:99FDD75B8CE71622F85F957AE52B85E6646763F7864B670E993DF0C2C77363EF9CFCE2727BADEE03503CDA41ABE6EB8A278142766BF66F00B4EB39D0D4FC4A87
        Malicious:false
        Preview:############################################################.# Sound Configuration File.############################################################.#.# This properties file is used to specify default service.# providers for javax.sound.midi.MidiSystem and.# javax.sound.sampled.AudioSystem..#.# The following keys are recognized by MidiSystem methods:.#.# javax.sound.midi.Receiver.# javax.sound.midi.Sequencer.# javax.sound.midi.Synthesizer.# javax.sound.midi.Transmitter.#.# The following keys are recognized by AudioSystem methods:.#.# javax.sound.sampled.Clip.# javax.sound.sampled.Port.# javax.sound.sampled.SourceDataLine.# javax.sound.sampled.TargetDataLine.#.# The values specify the full class name of the service.# provider, or the device name..#.# See the class descriptions for details..#.# Example 1:.# Use MyDeviceProvider as default for SourceDataLines:.# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider.#.# Example 2:.# Specify the default Synthesizer by it

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):2114
        Entropy (8bit):4.530565844905079
        Encrypted:false
        SSDEEP:48:r5lMXnnElB0wQCcM2acHM3WzguKzZmBwYq8K:r5lMUPJ4Z4buKVKG
        MD5:71BB3AD0017BF36D14BB96A8D4B32C45
        SHA1:1A5C553E71BDB7D94995B206BC9EAA49ABD1E888
        SHA-256:A69BCE275BA7A3570AF6579CB0F55682CD75FEDFCD49E0E8E9022270C447C916
        SHA-512:9F658DFEA71BDC3CC1549EDFB5AD3171DBFA0082B2D91E820C09ABE0B376B6BCD8B5170442A5E25E72274E98F130176BBDECFA7997C59705782B214F02136A20
        Malicious:false
        Preview: ADDITIONAL INFORMATION ABOUT LICENSING..Certain files distributed by Oracle America, Inc. and/or its affiliates are .subject to the following clarification and special exception to the GPLv2, .based on the GNU Project exception for its Classpath libraries, known as the .GNU Classpath Exception...Note that Oracle includes multiple, independent programs in this software .package. Some of those programs are provided under licenses deemed .incompatible with the GPLv2 by the Free Software Foundation and others. .For example, the package includes programs licensed under the Apache .License, Version 2.0 and may include FreeType. Such programs are licensed .to you under their original licenses. ..Oracle facilitates your further distribution of this package by adding the .Classpath Exception to the necessary parts of its GPLv2 code, which permits .you to use that code in combination with other independent modules not .licensed under the GPLv2. However, note that this woul

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1522
        Entropy (8bit):4.747042537008044
        Encrypted:false
        SSDEEP:24:b0fFDmMbmRMAOJDcJb3W2zeD34eXqC/5Wx/kaRilV8hWrwr1:b09PbmqAOJIW2KT4eXqC/5WFkaEQW8Z
        MD5:D94F7C92FF61C5D3F8E9433F76E39F74
        SHA1:7A9B074CA8D783DBE5310ECC22F5538B65CC918E
        SHA-256:A44EB7B5CAF5534C6EF536B21EDB40B4D6BABF91BF97D9D45596868618B2C6FB
        SHA-512:D4044F6CEB094753075036920C0669631F4D3C13203CAF2BEA345E2CC4094905719732010BBE1CAE97BC78743AA6DEF7C2AA33F3E8FCA9971F2CA0457837D3B0
        Malicious:false
        Preview:.OPENJDK ASSEMBLY EXCEPTION..The OpenJDK source code made available by Oracle America, Inc. (Oracle) at.openjdk.java.net ("OpenJDK Code") is distributed under the terms of the GNU.General Public License <http://www.gnu.org/copyleft/gpl.html> version 2.only ("GPL2"), with the following clarification and special exception... Linking this OpenJDK Code statically or dynamically with other code. is making a combined work based on this library. Thus, the terms. and conditions of GPL2 cover the whole combination... As a special exception, Oracle gives you permission to link this. OpenJDK Code with certain code licensed by Oracle as indicated at. http://openjdk.java.net/legal/exception-modules-2007-05-08.html. ("Designated Exception Modules") to produce an executable,. regardless of the license terms of the Designated Exception Modules,. and to copy and distribute the resulting executable under GPL2,. provided that the Designated Exception Modules continue to be.

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):19274
        Entropy (8bit):4.667864876938965
        Encrypted:false
        SSDEEP:384:sY2fSz/rGvS/66YsaZdIP3Lf4vAkMVhPGkupdDdicW:7vuvVmjkbylupdDdiZ
        MD5:3E0B59F8FAC05C3C03D4A26BBDA13F8F
        SHA1:A4FB972C240D89131EE9E16B845CD302E0ECB05F
        SHA-256:4B9ABEBC4338048A7C2DC184E9F800DEB349366BDF28EB23C2677A77B4C87726
        SHA-512:6732288C682A39ED9EDF11A151F6F48E742696F4A762C0C7D8872B99B9F6D5AB6C305064D4910B1A254862A873129F11FD0FA56FF11BC577D29303F4FB492673
        Malicious:false
        Preview:The GNU General Public License (GPL)..Version 2, June 1991..Copyright (C) 1989, 1991 Free Software Foundation, Inc..51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA..Everyone is permitted to copy and distribute verbatim copies of this license.document, but changing it is not allowed...Preamble..The licenses for most software are designed to take away your freedom to share.and change it. By contrast, the GNU General Public License is intended to.guarantee your freedom to share and change free software--to make sure the.software is free for all its users. This General Public License applies to.most of the Free Software Foundation's software and to any other program whose.authors commit to using it. (Some other Free Software Foundation software is.covered by the GNU Library General Public License instead.) You can apply it to.your programs, too...When we speak of free software, we are referring to freedom, not price. Our.General Public Licenses are designed to make sure that

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\aes.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1444
        Entropy (8bit):5.194600884456683
        Encrypted:false
        SSDEEP:24:j6omedtxUno8PbOIFThJyprYFTcQLey9Rwq32stOkg9SQROd32sZyxtT41BtGW+F:mhedtuTOIJarYJt7Cq32srX32sZEt01Q
        MD5:2E33468A535A4EB09EF57FC12A2652D0
        SHA1:E64516F3FA1E72F88CAA50F14B8046DD74D012B6
        SHA-256:45C6D4DA48325EDFBFF3DCF71C704E504C057904435ED23C6D57046D551EB69D
        SHA-512:4D14B5DDBB4D09797264ED29BA71FAB6986B4A9E75EFB9402C1476E0A9E2884813D6A922DEA125643B4F74E1F3E458F4E48D6C840E0F4D16ED72FFBC4611DBB2
        Malicious:false
        Preview:## Cryptix AES v3.2.0..### Cryptix General License.<pre>..Cryptix General License..Copyright (c) 1995-2005 The Cryptix Foundation Limited..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. 1. Redistributions of source code must retain the copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in. the documentation and/or other materials provided with the. distribution...THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION LIMITED AND.CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,.INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED..IN NO EVENT SHALL THE CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE.LIABLE FOR ANY DIRECT

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\asm.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 text
        Category:dropped
        Size (bytes):1584
        Entropy (8bit):5.200960306339295
        Encrypted:false
        SSDEEP:48:/5OorYJCrYJ5zO432sHj32sZEtY17wNH7:UorYJCrYJZF3X31ENb
        MD5:66C0CECD7AADDF8F7D0CDB433C5C6036
        SHA1:C34EB481A27B11495D8E0A5505BE89826B8051E2
        SHA-256:1FF912740E84E024711DEF5FA482FFBB46EFF64559760C467352DFA7C39A3307
        SHA-512:7ECBF4EF5B621227CAA6889937E980CD3492E344B2EA06D0B8F6F247EB484420625EEBED3AD5F23F84251B47390CB115F41197909593D3CA7D293415AC9188C1
        Malicious:false
        Preview:## ASM Bytecode Manipulation Framework v8.0.1..### ASM License.<pre>..Copyright (c) 2000-2011 France T.l.com.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:..1. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...3. Neither the name of the copyright holders nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHAN

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\c-libutl.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1556
        Entropy (8bit):5.222803386080423
        Encrypted:false
        SSDEEP:48:M6IHO9JnJzn6432svv32s3EsIm3tYHzNb:jn9JnJznR3r3zVHaBb
        MD5:2E89A282A50F8702E52703464E6937CA
        SHA1:CFC22A6F5B17CD539234D5B3160A5224ABEFADB9
        SHA-256:BEF40679922D6FDFB7E4DDB223AD6722300F6054BA737BBF6188D60FCEC517F9
        SHA-512:AE459D8CE5581EA57E203088373C1CE86D122D0E27EB871EE1383E0E64CD8A184FA207EEE0E835347316E70AFA24A1C95AEC30DEF3E09D15EE19A0B2C3AD2095
        Malicious:false
        Preview:## c-libutl 20160225..### c-libutl License.```..This software is distributed under the terms of the BSD license...== BSD LICENSE ===============================================================.. (C) 2009 by Remo Dentato (rdentato@gmail.com)...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\cldr.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 text, with very long lines (837)
        Category:dropped
        Size (bytes):9130
        Entropy (8bit):5.032821254249109
        Encrypted:false
        SSDEEP:192:sFOhggAjHJc/3V/Prf26+n62WOdb/9R4FXghdxMHD3x0AS0FTZjU6pc:4OhggAu3VXrf261Sb/96X6AuASmvc
        MD5:8F5780E8D582FE686ED11535DEC512ED
        SHA1:B63B615A826D8A40F5A45DC49DA0FF1D8B6666C1
        SHA-256:F2BD33DED550A05D59E8F659416EF382490504548D846E6388B1DFFD273AA077
        SHA-512:49996CDCD2BFBF0E018E0FE127A98E5435E50C0B3F4891404E897826BE74AD56D253BFEB51934195ED559BE3C251613ECAE744C39FD6793F59DBC87DE6E970E5
        Malicious:false
        Preview:## Unicode Common Local Data Repository (CLDR) v39..### CLDR License..```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE..See Terms of Use for definitions of Unicode Inc.'s.Data Files and Software...NOTICE TO USER: Carefully read the following legal agreement..BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S.DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),.YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE.TERMS AND CONDITIONS OF THIS AGREEMENT..IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE.THE DATA FILES OR SOFTWARE...COPYRIGHT AND PERMISSION NOTICE..Copyright . 1991-2021 Unicode, Inc. All rights reserved..Distributed under the Terms of Use in https://www.unicode.org/copyright.html...Permission is hereby granted, free of charge, to any person obtaining.a copy of the Unicode data files and any associated documentation.(the "Data Files") or Unicode software and any associated documentation.(the "Software") to

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\icu.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 text, with very long lines (849)
        Category:dropped
        Size (bytes):11086
        Entropy (8bit):4.982322403001006
        Encrypted:false
        SSDEEP:192:OQkggAjHJc/3V/Prff/BX1QH1DcT7mrfrGj+Bn6W2+d7/tRgXwhdxMHD324nkAyV:OQkggAu3VXrff/HparfKjfi7/t6X6AOD
        MD5:2F77C0CAE3FDC2B5B6E8D85898CC4C2F
        SHA1:92DB4D2A0CDC8680910FC434A1A637A5B87ED599
        SHA-256:AF0057E8553906083F69C2FB9FE9ED4AE8BC2340A0B1E376A424702F00300B29
        SHA-512:2A105217C50F345C1FBA6DEC9FF8A3C70EC0C14F4821C1175C2C21D4E6B5F4F1E7A49D29AAE9698C4850A2298802EB926EB6D80CD6082EEAA623394B10F28967
        Malicious:false
        Preview:## International Components for Unicode (ICU4J) v67.1..### ICU4J License.```..COPYRIGHT AND PERMISSION NOTICE (ICU 58 and later)..Copyright . 1991-2020 Unicode, Inc. All rights reserved..Distributed under the Terms of Use in https://www.unicode.org/copyright.html...Permission is hereby granted, free of charge, to any person obtaining.a copy of the Unicode data files and any associated documentation.(the "Data Files") or Unicode software and any associated documentation.(the "Software") to deal in the Data Files or Software.without restriction, including without limitation the rights to use,.copy, modify, merge, publish, distribute, and/or sell copies of.the Data Files or Software, and to permit persons to whom the Data Files.or Software are furnished to do so, provided that either.(a) this copyright and permission notice appear with all copies.of the Data Files or Software, or.(b) this copyright and permission notice appear in associated.Documentation...THE DATA FILES AND SOFTWARE ARE

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\public_suffix.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):17785
        Entropy (8bit):4.591906517978096
        Encrypted:false
        SSDEEP:384:gn7Ga28R/9yoeF6cXpMPWeXlUl5omyzQdBGYVSleCqxi:gn7GNw/woj25kzQdBG4CqI
        MD5:A90527D48AD0216FD1E5241015BB0F77
        SHA1:A59B3BF9478184BE7AE959E27CE7257BC418985A
        SHA-256:BCA182053946267C1F3BB5D160849A6A290B2AEFC57ABC7155180CA98DB87301
        SHA-512:6FE7F9980D1E29A0AB7CCCF8ACB1B73C867E48A975799F57E07381A432B5EAD70B2F470649AA36E38B6BFBF3E819FA2D2B9C4E3281C86ECF500549B1B4800038
        Malicious:false
        Preview:## Mozilla Public Suffix List..### Public Suffix Notice.```.You are receiving a copy of the Mozilla Public Suffix List in the following.file: <java-home>/lib/security/public_suffix_list.dat. The terms of the.Oracle license do NOT apply to this file; it is licensed under the.Mozilla Public License 2.0, separately from the Oracle programs you receive..If you do not wish to use the Public Suffix List, you may remove the.<java-home>/lib/security/public_suffix_list.dat file...The Source Code of this file is available under the.Mozilla Public License, v. 2.0 and is located at.https://raw.githubusercontent.com/publicsuffix/list/3c213aab32b3c014f171b1673d4ce9b5cd72bf1c/public_suffix_list.dat..If a copy of the MPL was not distributed with this file, you can obtain one.at https://mozilla.org/MPL/2.0/...Software distributed under the License is distributed on an "AS IS" basis,.WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License.for the specific language governing rights and l

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\unicode.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 text
        Category:dropped
        Size (bytes):2384
        Entropy (8bit):5.168907700608063
        Encrypted:false
        SSDEEP:48:fbgsglbhyAY4FCNPcNSyW5rSr+lP1JKrzteztw/wHasTI4c/Lr0in/Prfk0x:jd+hythPggfPQzkzqYHJc/3V/Prf5x
        MD5:A37C772AAEB922A5FF741A1DA81D52AC
        SHA1:85C21732F4903895DAE6E512D23ACCC5D26010DF
        SHA-256:5E4E6623A21A63F9BC16EA54AF4133B8038E490C0D499A74676F9E5A61B9C5B2
        SHA-512:17805F146FAE2058FF99D051D231BFC7238C2B79DC70930AF01F3C56657E06D037664CD9DBDC42FE48C3539DCF39F4B799E0A53D08A8891BA2AF484745B956AA
        Malicious:false
        Preview:## The Unicode Standard, Unicode Character Database, Version 13.0.0. .### Unicode Character Database.```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE..See Terms of Use for definitions of Unicode Inc.'s.Data Files and Software...NOTICE TO USER: Carefully read the following legal agreement..BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S.DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),.YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE.TERMS AND CONDITIONS OF THIS AGREEMENT..IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE.THE DATA FILES OR SOFTWARE...COPYRIGHT AND PERMISSION NOTICE..Copyright . 1991-2020 Unicode, Inc. All rights reserved..Distributed under the Terms of Use in https://www.unicode.org/copyright.html...Permission is hereby granted, free of charge, to any person obtaining.a copy of the Unicode data files and any associated documentation.(the "Data Files") or Unicode software and any associated do

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\wepoll.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1454
        Entropy (8bit):5.23517420325372
        Encrypted:false
        SSDEEP:24:jGjqwlJQUnoc+bOI/rYFTY+Jy/rYFTj5794Os43sEskuZKWROLTt3hyxLTfyL3tI:qj3viOYrYJarYJ74943JL53hELmL3tqh
        MD5:CEF1D92FF8ACE278BD32AC5E18735B86
        SHA1:6C7D15E2B8F3E99527458C8EA33420EE1D34AF7B
        SHA-256:3AC2992770080453B98C42AFA807BA4B2C1738EF756B92A55C645F55E7DF48F0
        SHA-512:12AA61AE93FC626A230F39F44CA11C75086FD9BB50F2794FB9FEC29B9BEF924545FC19D9CB38FDA631560CA78AE8E587144CF3CF3C83A6B336BB4711611393BF
        Malicious:false
        Preview:## Bert Belder: wepoll v 1.5.8..### wepoll License.```.wepoll - epoll for Windows.https://github.com/piscisaureus/wepoll..Copyright 2012-2020, Bert Belder <bertbelder@gmail.com>.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. * Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT.OWNER OR CONTRIBUTORS BE LIABLE F

        C:\Program Files (x86)\PWMinder\runtime\legal\java.base\zlib.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1011
        Entropy (8bit):4.589717550699574
        Encrypted:false
        SSDEEP:24:jxxuyMlc/LxAbno0QNplTp4XGBi+g7Y8PaO:ZCc/LebnN63Tp4X4i/7ZSO
        MD5:19F03867B2027801B674A81134FC94BD
        SHA1:C239D2DA15DAC52B8B928C712BBB29A0BC18AAE4
        SHA-256:19ABD401BAC9AF9B3E34C07E226DE1E6F2C1F0806FFCDC3FE2F1AD5855A42FF8
        SHA-512:E37AA89A4F46987A6BC1B2B5FAD4CBF8DAA1F27CA30C02BB0405512BC9DE9C76B8655222B35DDB1C6AAE89234EDBB59B7D8B0989505CB72D216FD3D44DB76824
        Malicious:false
        Preview:## zlib v1.2.11..### zlib License.<pre>..Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler..This software is provided 'as-is', without any express or implied.warranty. In no event will the authors be held liable for any damages.arising from the use of this software...Permission is granted to anyone to use this software for any purpose,.including commercial applications, and to alter it and redistribute it.freely, subject to the following restrictions:..1. The origin of this software must not be misrepresented; you must not. claim that you wrote the original software. If you use this software. in a product, an acknowledgment in the product documentation would be. appreciated but is not required..2. Altered source versions must be plainly marked as such, and must not be. misrepresented as being the original software..3. This notice may not be removed or altered from any source distribution...Jean-loup Gailly Mark Adler.jloup@gzip.org madler@alumni.caltech.e

        C:\Program Files (x86)\PWMinder\runtime\legal\java.compiler\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.compiler\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.compiler\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.datatransfer\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.datatransfer\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.datatransfer\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\colorimaging.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):167
        Entropy (8bit):4.67070372864436
        Encrypted:false
        SSDEEP:3:RFRELUacKIVVPDwwP1FZenv+PELUaRHUBQecOczDP8LUacKIVG9V4n:jxKIVbZAevcvLKIVGon
        MD5:0889FD01A6802A5A934572D9BD47F430
        SHA1:7A7E547452EE1C72E8B0D96DCCBE315F62D5B564
        SHA-256:04D61E3E8E71DD452EBE52008AF5378D9F6640D14578AEB515DC5375973B0189
        SHA-512:F5872960470810CDBDC2DB1DFB216CAB88203B23400B16E157C8654C2EECFF8D9B26CE066EC18718C8E6D54EE1C54533FDADE395C454210FED5159FD4A7A0ADB
        Malicious:false
        Preview:## Eastman Kodak Company: Portions of color management and imaging software..### Eastman Kodak Notice.<pre>.Portions Copyright Eastman Kodak Company 1991-2003.</pre>..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\freetype.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 text
        Category:dropped
        Size (bytes):28780
        Entropy (8bit):4.777647368499231
        Encrypted:false
        SSDEEP:384:uG8+ZxGw7hiVHEUwi5rRL67cyV12rPd34FomzM2/R+qWo72gUo3JoWfKvJ:uGfGKM7FCExGFzeqf72gUzWfKB
        MD5:5CCE8D927FE2E23F3894983720BA4668
        SHA1:093124C101C910C8EA5ED4FAE90BB1EEEFCCBC0E
        SHA-256:131C94CFB6CA086689486F7853BAFC9FCC83EE114B5B20596B3553DD537E5925
        SHA-512:B77C0485440477EC596CE5306A568806A81B2978BDC8BAF842924C047D71F5AB68A43380EDB9638BC86C952E739E1FF0E3628575E7AD4466EE76C302F6382FB0
        Malicious:false
        Preview:## The FreeType Project: Freetype v2.12.1...### FreeType Notice..```.FreeType comes with two licenses from which you can choose the one.which fits your needs best... The FreeType License (FTL) is the most commonly used one. It is. a BSD-style license with a credit clause and thus compatible with. the GNU Public License (GPL) version 3, but not with the. GPL version 2... The GNU General Public License (GPL), version 2. Use it for all. projects which use the GPLv2 also, or which need a license. compatible to the GPLv2...```..### FreeType License.```. The FreeType Project LICENSE. ----------------------------.. 2006-Jan-27.. Copyright 1996-2002, 2006 by. David Turner, Robert Wilhelm, and Werner Lemberg....Introduction.============.. The FreeType Project is distributed in several archive packages;. some of them may contain, in addition to the FreeType font engine,. various

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\giflib.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1288
        Entropy (8bit):5.243726093802808
        Encrypted:false
        SSDEEP:24:jXksrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4q/m3oqLF5/zwO8pn:7ksaJHlxE35QHOs5e/m3ogF5/rqn
        MD5:867001E2A577F88CFC856F45959502AA
        SHA1:109C11CEC13349212BA94B9F3EB7D0943229938E
        SHA-256:C8B99F33890887D27AD56FBA9EDD8EBBC668CFE0689168505A95613D1D4B32F8
        SHA-512:DAFAC31D75A7AB4DDD7666799A24ABF22C1583CA22554A738CC26A77BF927B20DDE52F12194670A5196BCE3A43BD58DE46944291727C8877FEE1FE4A38A1F1CA
        Malicious:false
        Preview:## GIFLIB v5.2.1..### GIFLIB License.```..The GIFLIB distribution is Copyright (c) 1997 Eric S. Raymond..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF C

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\harfbuzz.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 text
        Category:dropped
        Size (bytes):2886
        Entropy (8bit):5.374433724190025
        Encrypted:false
        SSDEEP:48:3kF1J5JkTZLbvAfD+ZiOt9jPxsrN8IAgKxP/nHpz/C2tuiOnx9AjpF3e0:UFn5JkVLbvIDVOtU8Ia/pLv0i+m/e0
        MD5:F4FF45EDC44103995A71A10AAACA7196
        SHA1:43EE52E19CF9085CC51FFA0D6BC7752A0312233D
        SHA-256:D4F679F8DAA239DF24A4EA9AFDF207F02273A148610262ACEB16DE1B595BA923
        SHA-512:24BF9EA5DE18C7D12A4126E0B7AB9B2D4D918C86613BBC98415A67825783E48B3DC843DC865113EEDF2A9AFED2F793AB3ED7E4930B4167F96FFDE5EB323AA86A
        Malicious:false
        Preview:## Harfbuzz v4.4.1..### Harfbuzz License..https://github.com/harfbuzz/harfbuzz/blob/master/COPYING..<pre>..HarfBuzz is licensed under the so-called "Old MIT" license. Details follow..For parts of HarfBuzz that are licensed under different licenses see individual.files names COPYING in subdirectories where applicable...Copyright . 2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020 Google, Inc..Copyright . 2018,2019,2020 Ebrahim Byagowi.Copyright . 2019,2020 Facebook, Inc. .Copyright . 2012 Mozilla Foundation.Copyright . 2011 Codethink Limited.Copyright . 2008,2010 Nokia Corporation and/or its subsidiary(-ies).Copyright . 2009 Keith Stribley.Copyright . 2009 Martin Hosken and SIL International.Copyright . 2007 Chris Wilson.Copyright . 2006 Behdad Esfahbod.Copyright . 2005 David Turner.Copyright . 2004,2007,2008,2009,2010 Red Hat, Inc..Copyright . 1998-2004 David Turner and Werner Lemberg..For full copyright notices consult the individual files in the packag

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\jpeg.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):3475
        Entropy (8bit):4.758544977538361
        Encrypted:false
        SSDEEP:48:4Bu4P6N9yV51OOC+CfubwcdIFwJ2ERKCeSLNCANVgfkPGbhG2uVBWdybKjb9jMNJ:4Bu39yX84O6ZloAD2/sJjWdyejpsh
        MD5:DE0E5A6CFC652C81EE7B582AA004DAD5
        SHA1:FC3BED0E9B640DAAC5C5336BADEBB3A55E89DFD5
        SHA-256:580BE596216EE11E2554B24CE944973ACAEDE2EBF5FFBA34A6BD8CC441C05043
        SHA-512:1B78C0FE3AECAF1D4DA9D7C5D84CB15D7ACEBDECBF73B224CF72B9F84BC269A84B8366150A63A28485EE61D51595CFBFC5FBE6A175A9E277D5A41038C9E0828B
        Malicious:false
        Preview:## Independent JPEG Group: JPEG release 6b..### JPEG License..```.****************************************************************************..Copyright (C) 1991-1998, Thomas G. Lane...This software is the work of Tom Lane, Philip Gladstone, Jim Boucher,.Lee Crocker, Julian Minguillon, Luis Ortiz, George Phillips, Davide Rossi,.Guido Vollbeding, Ge' Weijers, and other members of the Independent JPEG.Group...IJG is not affiliated with the official ISO JPEG standards committee. ..The authors make NO WARRANTY or representation, either express or implied,.with respect to this software, its quality, accuracy, merchantability, or.fitness for a particular purpose. This software is provided "AS IS",.and you, its user, assume the entire risk as to its quality and accuracy...This software is copyright (C) 1991-1998, Thomas G. Lane..All Rights Reserved except as specified below...Permission is hereby granted to use, copy, modify, and distribute.this software (or portions thereof) for any purpos

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\lcms.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1178
        Entropy (8bit):5.181163964818585
        Encrypted:false
        SSDEEP:24:jbCjeClHnDiJHLH0cPP3gt0Hw1hj9QH+sEJv48Ok4F+d1o36qjFv:/JMHnDiJbbvEP5QH+sfIte36AFv
        MD5:62D9F462B20B37C861F5BAD14DE59D6A
        SHA1:5B6D5635FB89E55B3B0B49C1A104984DA34E6263
        SHA-256:41F4D63E670D75F5936A895AAE919E226F5D50C54B5B09DB3BA4D7052A2C1554
        SHA-512:27C9737A0B2B2B1BC897A69745F1C47B763D041BEB17A949411B534738FEC6091FCD005F86482BC95564A9A0EF09D2F2E74356E28C44A843C305A641402B64BD
        Malicious:false
        Preview:## Little Color Management System (LCMS) v2.12..### LCMS License.<pre>..Little Color Management System.Copyright (c) 1998-2020 Marti Maria Saguer..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the Software.is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO.THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OT

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\libpng.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):5398
        Entropy (8bit):4.817755042620107
        Encrypted:false
        SSDEEP:96:Ariz65bh6azhk9L3psog8Qy8+kiQUm+UMotRxg5WUbwsY+:JzuVlzhu3psX8aB9Mo3AWon
        MD5:011DB3AD8FCF04AD9F5789F9E980D4C6
        SHA1:FEC756F73A909490115E5863D98C36681A89351C
        SHA-256:F9E1A0E556F3309246D30C62EF159DE7E21DB39361176DEDA6FB57821C9872EC
        SHA-512:B7F543A1F888D37F212B2EA68711640FC99655B7E29FF7DF53E3DA710973C4B333E769230F2DAC711C4509A642A5123C192F318483B96010565F06D8CCE6A918
        Malicious:false
        Preview:## libpng v1.6.37..### libpng License.<pre>..COPYRIGHT NOTICE, DISCLAIMER, and LICENSE.=========================================..PNG Reference Library License version 2.---------------------------------------.. * Copyright (c) 1995-2019 The PNG Reference Library Authors.. * Copyright (c) 2018-2019 Cosmin Truta.. * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson.. * Copyright (c) 1996-1997 Andreas Dilger.. * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc...The software is supplied "as is", without warranty of any kind,.express or implied, including, without limitation, the warranties.of merchantability, fitness for a particular purpose, title, and.non-infringement. In no event shall the Copyright owners, or.anyone distributing the software, be liable for any damages or.other liability, whether in contract, tort or otherwise, arising.from, out of, or in connection with the software, or the use or.other dealings in the software, even if advised of the possibilit

        C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\mesa3d.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):5732
        Entropy (8bit):5.1453426112774965
        Encrypted:false
        SSDEEP:96:tqsVQHfoGKlxESLI1GXVsCGQHlzQUGP+0nWeHGT+weUGP+0nWeHGT+wI:pQHfh4hE1GX1GQH9pqnWeHGySqnWeHGK
        MD5:C7E0D19C8F4EFF11E97F0EB9AFD3F7F4
        SHA1:6A98EE2703132E181F37D162452F073FB64CED83
        SHA-256:63F4E6F75CAEBBCCB95D903FB43E46AC7111B3624D0A34F146B276D7D9E7B152
        SHA-512:9C4111728AB9472F0B160CB11CE1E4EBD75A83CFDDCA0B3CB87243D15AFC5A7FA34DC6006E6B92084648CBAD1426F70B405259F589CDEF758442643E1618DFF4
        Malicious:false
        Preview:## Mesa 3-D Graphics Library v21.0.3..### Mesa License..```.Copyright (C) 1999-2007 Brian Paul All Rights Reserved...Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN

        C:\Program Files (x86)\PWMinder\runtime\legal\java.logging\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.logging\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.logging\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.management\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.management\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.management\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.naming\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.naming\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.naming\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.prefs\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.prefs\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.prefs\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.rmi\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.rmi\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.rmi\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.scripting\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.scripting\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.scripting\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.security.jgss\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.security.jgss\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.security.jgss\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.security.sasl\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.security.sasl\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.security.sasl\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.sql\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.sql\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.sql\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.transaction.xa\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.transaction.xa\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.transaction.xa\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\bcel.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):11195
        Entropy (8bit):4.560484592386489
        Encrypted:false
        SSDEEP:192:KSEASdeYFPVRQUM9o1XDFMKdFSvJZN+0G04Hrc3Pv8KIHKxF9Nmu3Dzt1XkTYstb:GxNRrM21TiA+8VL+EKdXNt9xkTYE3L
        MD5:8BC98021A73FF0A9CDAD9DC5E84339BE
        SHA1:023EF9164BE63E1794FF97C2A81BA05509919641
        SHA-256:E8C2AA528A5A0531482DBFD23EC9290FCDB373AF67A04870E780BDF98CD6ADC2
        SHA-512:1AE0CDECB6D3D9847E3178B663B38DD396775CEDD5F5745A23192CF6AFFC7667090F56756FA6C36CC762D62B55D2DBFD659323A275DEEFCDCC9ADBA0BEC77044
        Malicious:false
        Preview:## Apache Commons Byte Code Engineering Library (BCEL) Version 6.5.0..### Apache Commons BCEL Notice.<pre>.. Apache Commons BCEL. Copyright 2004-2020 The Apache Software Foundation.. This product includes software developed at. The Apache Software Foundation (https://www.apache.org/)...</pre>..### Apache 2.0 License.<pre>.. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/..TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\dom.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):3028
        Entropy (8bit):5.054060272622458
        Encrypted:false
        SSDEEP:48:O6WEebVkoFxqbvyY5rpErRz+ulK0ZSw1bQknlZFQ/:OFrxWfyrgulK7hklI
        MD5:8067C46049AC09BCFCB9E03C5BCD1107
        SHA1:CBDB9414E25DAFCCDFDC905EB75999E63B9D660B
        SHA-256:89C41F3CE50ACB96280B73D7A9C1710E96DBF6FC97D43CAB2B748DE93F9FE442
        SHA-512:64A6D580C977F3E3AC2B6F1F7D3C9B97D1014ED3597317E88930AB44414AE09366E29AFD99736B534AA4426CAF6333688AFF0BB57692FF9EB4538DDEA21CCF17
        Malicious:false
        Preview:## DOM Level 3 Core Specification v1.0..### W3C License.<pre>..W3C SOFTWARE NOTICE AND LICENSE..http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231..This work (and included software, documentation such as READMEs, or other.related items) is being provided by the copyright holders under the following.license. By obtaining, using and/or copying this work, you (the licensee).agree that you have read, understood, and will comply with the following terms.and conditions...Permission to copy, modify, and distribute this software and its.documentation, with or without modification, for any purpose and without fee.or royalty is hereby granted, provided that you include the following on ALL.copies of the software and documentation or portions thereof, including.modifications:.. 1.The full text of this NOTICE in a location viewable to users of the. redistributed or derivative work... 2.Any pre-existing intellectual property disclaimers, notices, or terms and. conditions. I

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\jcup.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):1158
        Entropy (8bit):4.456106924084925
        Encrypted:false
        SSDEEP:24:jj2pTTCb5r9q6kqyiuZLX2DjXkIMmgmlye4ihXSZX3AVmF0xA:GpTTIvteiupX2DNtgmlyF2Xi1F0xA
        MD5:4A1B6AEA2BCDF22E01B136A3FF3256D2
        SHA1:236F841023DFD6039A354D753E152B6CB4D25C05
        SHA-256:8FD4C6732C5C1D63261DC2E87E052F7DE7952CD265E387F8B6CAF5AB3BF8C594
        SHA-512:921CD8EDF856B981EC65EC909FF2901EB811C9FA437CA7986C53274C068F1C7673DD75871AD9251099569913C52BC5C3BC0C6A362F8FA751229B9E1294CF6D36
        Malicious:false
        Preview:## CUP Parser Generator for Java v 0.11b..### CUP Parser Generator License.<pre>..Copyright 1996-2015 by Scott Hudson, Frank Flannery, C. Scott Ananian, Michael Petter..Permission to use, copy, modify, and distribute this software and its.documentation for any purpose and without fee is hereby granted, provided.that the above copyright notice appear in all copies and that both.the copyright notice and this permission notice and warranty disclaimer.appear in supporting documentation, and that the names of the authors or.their employers not be used in advertising or publicity pertaining to.distribution of the software without specific, written prior permission...The authors and their employers disclaim all warranties with regard to.this software, including all implied warranties of merchantability and.fitness. In no event shall the authors or their employers be liable for.any special, indirect or consequential damages or any damages whatsoever.resulting from loss of use, data or profits,

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\xalan.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):13494
        Entropy (8bit):4.618562983474662
        Encrypted:false
        SSDEEP:384:BlvxNRrM21TiA+8VL+EKdXNt9xkTYE3c2S2G:BlvxPBTiA+8VLtqPPkXs2S2G
        MD5:B29A2D48A582BE602D54DA738C304350
        SHA1:24D8FEA1126ACFC1EE4F990FD761D138637E6147
        SHA-256:EA67226BE5CFE19C7E79725C2C24A16676323264D69F9747C528DE0B44541B03
        SHA-512:1B63BEEFADAA6AB21A54A68ABE901A38624453F7CC3BA6870E831DFB9C23990D19B67ADA316E72A06129CFCB49CCC495C2ED6B35CD565F05E4AD1DCEB87E8752
        Malicious:false
        Preview:## Apache Xalan v2.7.2..### Apache Xalan Notice.<pre>.. ======================================================================================. == NOTICE file corresponding to the section 4d of the Apache License, Version 2.0, ==. == in this case for the Apache Xalan distribution. ==. ======================================================================================.. This product includes software developed by. The Apache Software Foundation (http://www.apache.org/)... Specifically, we only include the XSLTC portion of the source from the Xalan distribution. . The Xalan project has two processors: an interpretive one (Xalan Interpretive) and a . compiled one (The XSLT Compiler (XSLTC)). We *only* use the XSLTC part of Xalan; We use. the source from the packages that are part of the XSLTC sources... Portions of this software was originally based on the following:.. - software copyright (c) 1999-2002, Lotus Development

        C:\Program Files (x86)\PWMinder\runtime\legal\java.xml\xerces.md

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):11852
        Entropy (8bit):4.611377085862739
        Encrypted:false
        SSDEEP:192:CNuXsEASdeYFPVRQUM9o1XDFMKdFSvJZN+0G04Hrc3Pv8KIHKxF9Nmu3Dzt1XkT/:Cg7xNRrM21TiA+8VL+EKdXNt9xkTYE3L
        MD5:5FEAC4B0A3606D75537B6B9D355E5D3D
        SHA1:D5A230002B75EA8F003984000F743A85EADCF7C9
        SHA-256:472224F99DE833F4F4C19F2F8A0317F22114E1C641F5D77FFA3A4280A1B80176
        SHA-512:D0B638C8EF8BAB5630FAAD0D65B24735B567F7BD413E82F3CA48166C681CF00E8E543AB26EF8C6148A00956EF80C68C06C4FC31632352B403B39C799ECE4DBC2
        Malicious:false
        Preview:## Apache Xerces v2.12.2..### Apache Xerces Notice.<pre>. =========================================================================. == NOTICE file corresponding to section 4(d) of the Apache License, ==. == Version 2.0, in this case for the Apache Xerces Java distribution. ==. =========================================================================. . Apache Xerces Java. Copyright 1999-2022 The Apache Software Foundation.. This product includes software developed at. The Apache Software Foundation (http://www.apache.org/)... Portions of this software were originally based on the following:. - software copyright (c) 1999, IBM Corporation., http://www.ibm.com.. - software copyright (c) 1999, Sun Microsystems., http://www.sun.com.. - voluntary contributions made by Paul Eng on behalf of the. Apache Software Foundation that were originally developed at iClick, Inc.,. software copyright (c) 1999..</pre>..### Apache 2.0 License.<pre>..

        C:\Program Files (x86)\PWMinder\runtime\legal\jdk.charsets\ADDITIONAL_LICENSE_INFO

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):49
        Entropy (8bit):4.433601620014652
        Encrypted:false
        SSDEEP:3:cD5PETXk3sxLwZm+64j:clPETMsxLwZWy
        MD5:19C9D1D2AAD61CE9CB8FB7F20EF1CA98
        SHA1:2DB86AB706D9B73FEEB51A904BE03B63BEE92BAF
        SHA-256:EBF9777BD307ED789CEABF282A9ACA168C391C7F48E15A60939352EFB3EA33F9
        SHA-512:7EC63B59D8F87A42689F544C2E8E7700DA5D8720B37B41216CBD1372C47B1BC3B892020F0DD3A44A05F2A7C07471FF484E4165427F1A9CAD0D2393840CD94E5B
        Malicious:false
        Preview:Please see ..\java.base\ADDITIONAL_LICENSE_INFO..

        C:\Program Files (x86)\PWMinder\runtime\legal\jdk.charsets\ASSEMBLY_EXCEPTION

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):44
        Entropy (8bit):4.507742914525315
        Encrypted:false
        SSDEEP:3:cD5PETXkGonu9X1En:clPETQnu4
        MD5:7CAF4CDBB99569DEB047C20F1AAD47C4
        SHA1:24E7497426D27FE3C17774242883CCBED8F54B4D
        SHA-256:B998CDA101E5A1EBCFB5FF9CDDD76ED43A2F2169676592D428B7C0D780665F2A
        SHA-512:A1435E6F1E4E9285476A0E7BC3B4F645BBAFB01B41798A2450390E16B18B242531F346373E01D568F6CC052932A3256E491A65E8B94B118069853F2B0C8CD619
        Malicious:false
        Preview:Please see ..\java.base\ASSEMBLY_EXCEPTION..

        C:\Program Files (x86)\PWMinder\runtime\legal\jdk.charsets\LICENSE

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):33
        Entropy (8bit):3.9801694078807643
        Encrypted:false
        SSDEEP:3:cD5PETXpZgov:clPET53v
        MD5:16989BAB922811E28B64AC30449A5D05
        SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
        SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
        SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
        Malicious:false
        Preview:Please see ..\java.base\LICENSE..

        C:\Program Files (x86)\PWMinder\runtime\lib\classlist

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with very long lines (522), with CRLF line terminators
        Category:dropped
        Size (bytes):74193
        Entropy (8bit):5.0821962907290725
        Encrypted:false
        SSDEEP:1536:nXnUxpW9couKyMl8anjTICcb+K+5KV2teYS/cU88Tll8slfa+U18rft8s1COzA5n:n3UxpRwyMl8sTteYS/5K
        MD5:074DB6FE4386E84FC7723E6F6693AA7E
        SHA1:8523C36DB3873C4F4999445FDAB0CF962766C7A7
        SHA-256:A2F77D68C6F6F73F1CBEEAD2E1293AB7C9C1AC1BF0E71D1EC4F49DD407677436
        SHA-512:DF37522355C07E51A009775A4CAB96555C68A953BC1446F9FEF117BAFAEE6C216C1C7667BE6E5ECA7FC63DB5712BB7F70CDED060E724A954AEE58944F7A10A2A
        Malicious:false
        Preview:# NOTE: Do not modify this file...#..# This file is generated via the -XX:DumpLoadedClassList=<class_list_file> option..# and is used at CDS archive dump time (see -Xshare:dump)...#..java/lang/Object..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/constant/Constable..java/lang/constant/ConstantDesc..java/lang/String..java/lang/reflect/AnnotatedElement..java/lang/reflect/GenericDeclaration..java/lang/reflect/Type..java/lang/invoke/TypeDescriptor..java/lang/invoke/TypeDescriptor$OfField..java/lang/Class..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/AccessController..java/security/SecureClassLoader..java/lang/ReflectiveOperationException..java/lang/ClassNotFoundException..java/lang/Record..java/lang/LinkageError..java/lang/NoC

        C:\Program Files (x86)\PWMinder\runtime\lib\fontconfig.bfc

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:raw G3 (Group 3) FAX
        Category:dropped
        Size (bytes):4630
        Entropy (8bit):4.437305910502734
        Encrypted:false
        SSDEEP:96:Pdbj5aublPBl7BWBBTiraXnaZziAaZH29sKG:P5j3pfuBTi2cz0Cs7
        MD5:0E25B41E6ACF99681EAF2E8B572F18D1
        SHA1:D6B4290DA768E050FE6C310366272F87E6C2B6D2
        SHA-256:968AC99BBAAF8A49A474C934E73AD58F88C6C7F2A363CB44771E0378444E36BA
        SHA-512:7C1E98BC6582AF9E9C58C13CDC4D257E441A6D48FD395A3601AD558EBD481257F138D6F0DCBFE12735EB6BEBEB7C8985B3D8AF633B545FA01D56738F56360C08
        Malicious:false
        Preview:...1.......8.h...........................F.G.<.H./.6...=.0.7.2.:.I.@.8.?.1.>.C.4.-.5.D.A.;.B.3.9.E.......................................................................................................!.".#.&.'.(.).+.,.-.#.&.'.(.).+.,.-........................................... ... ... ... .).+.).+... ... ... ... .........$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.$.........%.%.%.%.*.*.*.*.%.%.%.%.%.%.%.%.O.K.T.P.L.U.R.M.Q.S.J.N...........................................................................................!.".#.$.%.&.'.(.).*.+.+.+.+.+.m.l._.`.V.n.j.|.o.c.a.k.X.d.].p.r.s.{.b.Y.~.g.}.e.y.\.W.z.[...f.q.x.^.t.v.Z.u.h.i.w...............................................................................................................!..... ...........#.$.%.'.&.).".(.....................................................................................................................................................................$............./........... .................#.(.-.2.7.<.A.F.K.P.U.[

        C:\Program Files (x86)\PWMinder\runtime\lib\fontconfig.properties.src

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):12345
        Entropy (8bit):5.208754321730197
        Encrypted:false
        SSDEEP:192:GTh0C+e6a1nsNi8bTeOiO/Ywca9nB2RmhC3uB+Guo7Oj:GThBlnHIR9B2Rmh6UOj
        MD5:5A1F8A604694AF3E955C12190DE02F6C
        SHA1:5309AE6DD01DE0090131ECC469E965F286186FA3
        SHA-256:B44540473B97364E0F7A8A0002DD21D7A0717028FA1533F139BC98F40C91C0F0
        SHA-512:DB9D26A8418AC50E74E877B2FFCE8F4D702D109606893E5577FDF467BA80A0339AD12AAC50E175F6F9A9D872540E404682B05B1F22B26CB416708013CA237A07
        Malicious:false
        Preview:#.# .# Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor,

        C:\Program Files (x86)\PWMinder\runtime\lib\jawt.lib

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:current ar archive
        Category:dropped
        Size (bytes):1688
        Entropy (8bit):4.485740109859458
        Encrypted:false
        SSDEEP:24:hnuyRAuuyWb5/KZvRKw5y7u+yAOWuyRb5/Z+BqKOu8yR+/uGZXZK+u/b5/ew:yP5uvRKw5WjyAOS5AqKOLrXZK+Y5Z
        MD5:F7B571642C91DAB3B38A18C218D9A9B0
        SHA1:0F1D4084354F24AD7DCB0380E17BB384B83D0232
        SHA-256:DAAB95E09059402FA15590BD3E93A0C2E8AD4424C99CD178DC7B2DB3C525816A
        SHA-512:F857124F706CF0A539012FB23B4152EAAF465DCD20FB6BD95FD13010281F1F6212279FA394578171BA649374F26DB637A13A97D332E78A1B3B374074F29FF9B8
        Malicious:false
        Preview:!<arch>./ -1 0 132 `....................0...0__IMPORT_DESCRIPTOR_jawt.__NULL_IMPORT_DESCRIPTOR..jawt_NULL_THUNK_DATA._JAWT_GetAWT@8.__imp__JAWT_GetAWT@8./ -1 0 142 `.................0................._JAWT_GetAWT@8.__IMPORT_DESCRIPTOR_jawt.__NULL_IMPORT_DESCRIPTOR.__imp__JAWT_GetAWT@8..jawt_NULL_THUNK_DATA.jawt.dll/ -1 0 482 `.L...................debug$S........>...................@..B.idata$2............................@.0..idata$6............................@. ..............jawt.dll'....................u.Microsoft (R) LINK..................................................jawt.dll..@comp.id.u...........................idata$2@.......h..idata$6...........idata$4@.......h..idata$5@.......h.......................6.............L...__IMPORT_DESCRIPTOR_jawt.__NULL_IMPORT_DESCRIPTOR..jawt_NULL_THUNK_DATA.jawt.dll/ -1 0 247

        C:\Program Files (x86)\PWMinder\runtime\lib\jrt-fs.jar

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java archive data (JAR)
        Category:dropped
        Size (bytes):110514
        Entropy (8bit):7.9320815247110135
        Encrypted:false
        SSDEEP:3072:PWaAmLtu75wTTpUnsT0btH6RtzSwQ0JXheYlTjRZ:PWx8tK4pUFQvRQ0XfPRZ
        MD5:AB690C55339DCB2635AF2C41506CB4A7
        SHA1:048A1D1CBD8CDF92FA2CDCE2287E812A3FBE83B5
        SHA-256:77413EA8FD6B7A98AF176942D73AF86184B7BD14C557502CA0479EC35CA01CF2
        SHA-512:01432EE66B57B8F4BC6CC523B5B9A1BC7D6DCD61B90BF45C829998B0FACFD68EAD8B797D4025C7FF1417BAFCBCF84DAC4C16DB68D2181420F94DC8B025E43F4A
        Malicious:false
        Preview:PK........BfGU................META-INF/......PK..............PK........BfGU................META-INF/MANIFEST.MFm....0.D....]*.P."tW...b..>....$....Z.|...9GaU...+....a.3.4=J.))..E.s8.Q@..u..(.......q.W.u>...R#....N*.k4h)v..K. ...3...V......n..f..&.......(..t7.sX..%,..PK...Z".....4...PK........BfGU............6...META-INF/services/java.nio.file.spi.FileSystemProvider.J....+I-.K...**I+..**q..I..,.I..(./.LI-...PK....'.+...)...PK........AfGU............,...jdk/internal/jimage/BasicImageReader$1.class.TkO.A.=......,......X....@...k...a;.)...._i.H....G..l7R(1.&;wzz..s....?~.x.Wyd.5...~..Vc.~$..=.%wyS8.<...~..!Ty.!..2=.`.^i.=.x.o:.HI.Y..,...;......_.!.L\....!.3...V7[..../.y.l..n....%.Wp.....#..0....>....f*..z.j/d.:n..i..FO&J..K|...2.t..U7L..]..,.G.a.....~...X.b(U6.=..2......P.*.u..x.l......+...5%..'....F2........Yg.-..........P....\}.ro.+...`.....w.a..4.e..Q..t.D.iC....+..y.V..Y.b.R{.9.gJ..R......."....f...)..KP...;3y<..}.........0.!.V.^..*...~s...4Z:"K...

        C:\Program Files (x86)\PWMinder\runtime\lib\jvm.cfg

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):28
        Entropy (8bit):3.8518232255517657
        Encrypted:false
        SSDEEP:3:7CuR5y7IEy7n:TyO7
        MD5:19079CA57B561559ECA94490357EC716
        SHA1:AC99A24A23811CD1AE33A1462882D71E69AE18D0
        SHA-256:C19C19F487657B3E2C4B70865D05B2762B8707F8538AC6CC01C258B9E09D193F
        SHA-512:A24AE4D97810574D43FDA47A63ACF044A7C24ED288B5171E6AC2D13C4088CF42C4CCC6D14BE98BA4EDDF898E8841D72AB10CD507F336DE707498B2394B4EFC32
        Malicious:false
        Preview:-client KNOWN.-server KNOWN.

        C:\Program Files (x86)\PWMinder\runtime\lib\jvm.lib

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:current ar archive
        Category:dropped
        Size (bytes):952688
        Entropy (8bit):5.4644325598751236
        Encrypted:false
        SSDEEP:3072:I1TGPbAs2oO54fb+k+6FgD04PtqKy1mQk8FnMEXRGM1ucEKRYmQVHeTaRaD2ssvD:UTKbAsc5C+V04P5yskFnjw0EKRRQ9eTQ
        MD5:363BC85E269EB2624245F4D66604F431
        SHA1:A9A726645431DE0641941851BA24D830C12485B3
        SHA-256:583E59EEB2E1E450A99056B97F3CC395566559CBFF1FA11785E6F4A356761ABB
        SHA-512:B6D8333DE1B2FBD2E9F0899F2E51518DB19A48003712C25F720B5F0E91A4FE6498BAB4049A0846191A29CDE2228A51C8F0B4ADC0136670A9A4F47CF3CBAC8DFF
        Malicious:false
        Preview:!<arch>./ -1 0 263118 `....................................f...f...........0...0...................f...f..........1...1...V...V....................................................4...4...........F...F...........X...X...........l...l...........~...~...................................................*...*...........>...>...........B...B...........<...<...........L...L...........D...D...........B...B...........\...\.......... l.. l.. ... ...!|..!|.."..."..."..."...#...#...#...#...$>..$>..$...$...%\..%\..%...%...&l..&l..&...&...'x..'x..'...'...(|..(|..)...)...)...)...*...*...*...*...+$..+$..+...+...,>..,>..,...,...-f..-f..-...-.........../.../.../.../...0"..0"..0...0...1:..1:..1...1...2H..2H..2...2...3T..3T..3...3...4d..4d..4...4...5t..5t..6...6...6...6...7...7...7...7...8b..8b..9J..9J..9...9...:z..:z..;...;...;...;...< ..< ..<...<...=6..=6..=...=...>6..>6..>...>...?8..?8..?...?...@>..@>..@...@...AJ..AJ..A...A...BB..BB..B...B...C:..C:..C...C...D4

        C:\Program Files (x86)\PWMinder\runtime\lib\modules

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java module image (little endian), version 1.0
        Category:dropped
        Size (bytes):30932526
        Entropy (8bit):7.984707087312294
        Encrypted:false
        SSDEEP:786432:PlwpH+P65pBBTxSc4BJP8SDv5KGQDp6Vm4sFX:Plw8+/0J9R00mP
        MD5:3728B8768361E6DED985727498237BA3
        SHA1:0280C9B92A2A36D17EECE9B6AC9A38B6F4B2E4D4
        SHA-256:7BA025860F13EE2AEFA36F02253E228ED29CD7B7BC37F5BEFFE5A02B477415D0
        SHA-512:F8CFCB6821A755C6ACF8935025BA54753D2348D65CA6FC08DEF1899D2BB12FAE967F8109F6301C093BBD89DE610B463FED32A064B8E862B36F34B20D7B036C71
        Malicious:false
        Preview:............FD..FD..}...c.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.......q...p...n.......m...................................k...........j...b...a...^...\.......[.......Z...........................V.......Q...........................P...............N...K.......J.......H...G.......................D...<...........:.......9.......

        C:\Program Files (x86)\PWMinder\runtime\lib\psfont.properties.ja

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):3793
        Entropy (8bit):5.260880283220047
        Encrypted:false
        SSDEEP:48:R8grHIty/qHh+m2YPOWK89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:yg8ThI1Y6CiPFylXLrMGyJU+B
        MD5:D4C735BF5756759A1C3BC8DE408629FC
        SHA1:67C15E05A398B4CE6409D530A058F7E1B2208C20
        SHA-256:5A4BD51B969BF187FF86D94F4A71FDFBFA602762975FA3C73D264B4575F7C78F
        SHA-512:8124B25DECFA64A65433FF2CE1F0F7BDF304ABE2997568ABC35264A705F07152AA993B543DA37C4132B4B1B606743C825C90A0EB17B268518D478F5CF0889062
        Malicious:false
        Preview:#.#.# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, B

        C:\Program Files (x86)\PWMinder\runtime\lib\psfontj2d.properties

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):11390
        Entropy (8bit):5.012862319190609
        Encrypted:false
        SSDEEP:192:FTh7Pwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39I:FThTxzubEFOEscAW5VKsCfHz8RPxGt
        MD5:17B15D370018ACC01550175882C7DA91
        SHA1:4EDD9E0FC3D30FBDCABCDCAAB3BC0B3157FC881E
        SHA-256:780C565D5AF3EE6F68B887B75C041CDF46A0592F67012F12EEB691283E92630A
        SHA-512:E4EE92D4598385CB2F6F3A4DB91DDABD7E615DC105ED26CDC5B5598D01C526CEA7726FF93F92A308350229F2E5A5DD64CC0C38865DD97666368A330B410D4892
        Malicious:false
        Preview:#.#.# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Boston,

        C:\Program Files (x86)\PWMinder\runtime\lib\security\blocked.certs

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):2527
        Entropy (8bit):4.141598882390435
        Encrypted:false
        SSDEEP:48:NjYQMQgcJrrDJOz74ZeKnZqUyYuj4G0o5xz4lCENa+qJe:NjYQbTwzkZeKnZqUfGxzWCEPqU
        MD5:8273F70416F494F7FA5B6C70A101E00E
        SHA1:AEAEBB14FBF146FBB0AAF347446C08766C86CA7F
        SHA-256:583500B76965EB54B03493372989AB4D3426F85462D1DB232C5AE6706A4D6C58
        SHA-512:E697A57D64ACE1F302300F83E875C2726407F8DAF7C1D38B07AB8B4B11299FD698582D825BEE817A1AF85A285F27877A9E603E48E01C72E482A04DC7AB12C8DA
        Malicious:false
        Preview:Algorithm=SHA-256..03DB9E5E79FE6117177F81C11595AF598CB176AF766290DBCEB2C318B32E39A2..08C396C006A21055D00826A5781A5CCFCE2C8D053AB3C197637A4A7A5BB9A650..14E6D2764A4B06701C6CBC376A253775F79C782FBCB6C0EE6F99DE4BA1024ADD..1C5E6985ACC09221DBD1A4B7BBC6D3A8C3F8540D19F20763A9537FDD42B4FFE7..1F6BF8A3F2399AF7FD04516C2719C566CBAD51F412738F66D0457E1E6BDE6F2D..2A464E4113141352C7962FBD1706ED4B88533EF24D7BBA6CCC5D797FD202F1C4..31C8FD37DB9B56E708B03D1F01848B068C6DA66F36FB5D82C008C6040FA3E133..3946901F46B0071E90D78279E82FABABCA177231A704BE72C5B0E8918566EA66..3E11CF90719F6FB44D94EAC9A156B89BEBE7B8598F28EC58913F2BFCAF91D0C0..423279423B9FC8CB06F1BB7C3B247522B948D5F18939F378ECC901126DE40BFB..450F1B421BB05C8609854884559C323319619E8B06B001EA2DCBB74A23AA3BE2..4CBBF8256BC9888A8007B2F386940A2E394378B0D903CBB3863C5A6394B889CE..4FEE0163686ECBD65DB968E7494F55D84B25486D438E9DE558D629D28CD4D176..535D04DFCE027C70BD5F8A9E0AD4F218E9AFDCF5BBCF9B6DE0D81E148E2E3172..568FAF38D9F155F624838E2181B1CEB4D8459305EE652B0F810C97C36

        C:\Program Files (x86)\PWMinder\runtime\lib\security\cacerts

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Java KeyStore
        Category:dropped
        Size (bytes):181706
        Entropy (8bit):7.650429453911828
        Encrypted:false
        SSDEEP:3072:VfvFbl03J2pJAG0bpVV21F/PFlyy22pMmOILm/VhMTpCSBvwSB6c:dllkJ2pJYiNz22pMzILUVh+prKSB6c
        MD5:CE4C89FA551DDE7EE66D237E1E848164
        SHA1:CAEE30665A4E3F13A955A012A1FF68717766DF95
        SHA-256:D0D67AE4AA98810C6810893ECE1590B775C88818E723959FAA8224F13ADBF0E4
        SHA-512:F3D08A17F9805D0CCEC39B0E10E4E6223A00C471A69A9C2184F9B1F3A64C10F82205E49018D0243989B8603F9589EF1878E22AD75951FD16349233305DCD43C7
        Malicious:false
        Preview:..................securetrustca [jdk]....../p..X.509....0...0.............\....B...'.Y.0...*.H........0H1.0...U....US1 0...U....SecureTrust Corporation1.0...U....SecureTrust CA0...061107193118Z..291231194055Z0H1.0...U....US1 0...U....SecureTrust Corporation1.0...U....SecureTrust CA0.."0...*.H.............0..................O...x.X.A...@$.9.3f..b\...$[a....A..n......H......A>...).......m.g.W.........f%H...].....O.F..\..^..m.....o1BlR>h...4...V.&....o.....d.KD.....c.f.v.q..6.hzw..../.z.r..k.....Y?.r.D$..s...W/B&..t..R.K.S|G.6..f....4W.f....pT...(.Y...........0..0...+.....7.......C.A0...U........0...U.......0....0...U......B2......]Kz...L@.ZC.04..U...-0+0).'.%.#http://crl.securetrust.com/STCA.crl0...+.....7.......0...*.H.............0.OJ.X:Rr[...e...Q;w...\.Ee{..[.pP.....I.A..s.~.#!....`.Zr.......zo]......iB..q..&....j.q....|!T+.X..W).....&.......i.....+.64{$.xL....&..dR6_`g...t..g#.......0.7~..2.-.D00l....4...@.K.fF.T..2.c&0k...G...b...g.x)c.o....L...7...(

        C:\Program Files (x86)\PWMinder\runtime\lib\security\default.policy

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):10735
        Entropy (8bit):4.693655625183127
        Encrypted:false
        SSDEEP:96:ybf+/XEsL5edlozUlricAlqlnu96l0dh2IDjqKw1au1lgh29:S+jePozUricAlGu92wQLKw1auHgQ9
        MD5:A9BC877EB282751FA4832811BD5FD922
        SHA1:F2B41D0C2C4F708F4C8B4561FF4E42C3875D9903
        SHA-256:A06DB9C282547150E85E7A67590726F112BBDA9305371907C7082215B7D13B5C
        SHA-512:35A1BDF6B24BB5BA0ECB7585454F607E0AA5746DAE8921A49C9DA3644CC309EE21FF85DE34E0861E835E12B2EA4C0E501A1551F081F21D8493C884660C5862DF
        Malicious:false
        Preview://.// Permissions required by modules stored in a run-time image and loaded.// by the platform class loader..//.// NOTE that this file is not intended to be modified. If additional.// permissions need to be granted to the modules in this file, it is.// recommended that they be configured in a separate policy file or.// ${java.home}/conf/security/java.policy..//...grant codeBase "jrt:/java.compiler" {. permission java.security.AllPermission;.};...grant codeBase "jrt:/java.net.http" {. permission java.lang.RuntimePermission "accessClassInPackage.sun.net";. permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";. permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";. permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";. permission java.lang.RuntimePermission "modifyThread";. permission java.net.SocketPermission "*","connect,resolve";. permission java.net.URLPermission "http:*","*:*";. permissio

        C:\Program Files (x86)\PWMinder\runtime\lib\security\public_suffix_list.dat

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
        Category:dropped
        Size (bytes):234080
        Entropy (8bit):5.15519850214153
        Encrypted:false
        SSDEEP:3072:r6zDWCjlgMPGILneUughRQhCDBzmgO2Abhsf6YeUORCZ6OI0mGxzhjTBOjtC+scd:r6zDW+luc5nB2PYrHiw2K9U
        MD5:E7A714571A1F7C4E1D2F70B8F3052ADA
        SHA1:2B09124CADDF58EC734F4664264ED5666F7C1C64
        SHA-256:72E17C92D464BA1476FBCC7DAC6CBC493F6FB04F158895368B57D81DDBE277D1
        SHA-512:981250D4DA5FA5F86DAD4FAE8465FD8CE3CF36297A86ECE0FFDFB3963AC5F8E0A56C0AEAB518FACB7B51EC359665F6A0685F2C5443271E70AC8C31C9B1AA01D0
        Malicious:false
        Preview:PK..........!.................aaaUT.......cHLL....PK..|Yd.........PK..........!.................aarpUT.......cHL,*....PK..h.*:........PK..........!.................abarthUT.......cHLJ,*.....PK....9Q........PK..........!.................abbUT.......cHLJ....PK...H..........PK..........!.................abbottUT.......cHLJ./)....PK.....Z........PK..........!.................abbvieUT.......cHLJ*.L....PK..ht..........PK..........!.................abcUT.......cHLJ....PK..."U.........PK..........!.................ableUT.......cHL.I....PK.............PK..........!.................abogadoUT.......cHL.OOL.....PK..^|.T........PK..........!.................abudhabiUT.......cHL*M.HL.....PK..<...........PK..........!.................acUT.......cHL..bH....3RSJ!...2.#/......0......"0..PK...3..+...D...PK..........!.................academyUT.......cHLNLI...b.OK.L.L.....PK...k;.........PK..........!.................accentureUT.......cHLNN.+)-J....PK.............PK..........!.................accoun

        C:\Program Files (x86)\PWMinder\runtime\lib\tzdb.dat

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):102670
        Entropy (8bit):7.14801535155424
        Encrypted:false
        SSDEEP:1536:r0E28tdu/NSr8ILrZojh6xOK5jWLW/////rgUGL1mLTLMXjbF3Da26Myyh:r88Pu/NSrvrO85jWGgUhTLwm2Fh
        MD5:43181995F72430167FFC15B58CC56623
        SHA1:AFC3378A7667EB99E5528E7550A776FCC9F66D9D
        SHA-256:2743C0344131E00B73B2B47C1884F09F23B28B3ECD9135A460D0DD874F57BCD3
        SHA-512:85EE6DBF56FC04B91315AE1568FA5E3734A29C6641AB04E58EEFEA3D47F1D54C90F70CB4BE2C291EDEE9B3C2B5826D98BD858DC86D9972D70A2934322E2EADE4
        Malicious:false
        Preview:...TZDB....2022c.Z..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/

        C:\Program Files (x86)\PWMinder\runtime\lib\tzmappings

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):22143
        Entropy (8bit):4.978142372450471
        Encrypted:false
        SSDEEP:192:3nqW46ARn1+RQ7wbNQQSaapvQZglEcCDqvOCJqGiF3yzA6bb/KOFmYXKhJmBW:3nqW46ARnGQqN2KhcQ+q5a3W
        MD5:B02EE240A8DB902961FE886A19BEBA16
        SHA1:C52C42D591F4C650B629E6B374E967E211FB5AEB
        SHA-256:36DC51C4BF787F640A4B45CBB84AB6954F6E595CBD3617C2F5A4E1E607B38BFF
        SHA-512:024811961511B7182860ED03A5670F82412A45D005A1DB0876F6B0C9AF7E96C104566ABFF0EBBDED11A780349444214291F439039D20FB92071C7DD24BDA0E23
        Malicious:false
        Preview:AUS Central Standard Time:AU:Australia/Darwin:..AUS Central Standard Time:001:Australia/Darwin:..AUS Eastern Standard Time:AU:Australia/Sydney:..AUS Eastern Standard Time:001:Australia/Sydney:..Afghanistan Standard Time:AF:Asia/Kabul:..Afghanistan Standard Time:001:Asia/Kabul:..Alaskan Standard Time:US:America/Anchorage:..Alaskan Standard Time:001:America/Anchorage:..Aleutian Standard Time:US:America/Adak:..Aleutian Standard Time:001:America/Adak:..Altai Standard Time:RU:Asia/Barnaul:..Altai Standard Time:001:Asia/Barnaul:..Arab Standard Time:BH:Asia/Bahrain:..Arab Standard Time:KW:Asia/Kuwait:..Arab Standard Time:QA:Asia/Qatar:..Arab Standard Time:SA:Asia/Riyadh:..Arab Standard Time:YE:Asia/Aden:..Arab Standard Time:001:Asia/Riyadh:..Arabian Standard Time:AE:Asia/Dubai:..Arabian Standard Time:OM:Asia/Muscat:..Arabian Standard Time:ZZ:Etc/GMT-4:..Arabian Standard Time:001:Asia/Dubai:..Arabic Standard Time:IQ:Asia/Baghdad:..Arabic Standard Time:001:Asia/Baghdad:..Argentina Standard Time

        C:\Program Files (x86)\PWMinder\runtime\release

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):254
        Entropy (8bit):4.6903972928708235
        Encrypted:false
        SSDEEP:6:Gq2j5QjJ0K8j2FHoBM28bZcNNP64rLzxBhWS:GPNci62j9AS
        MD5:2C558893872E1FD4B5DFAAD5F8232052
        SHA1:122C349D9C414D564031D2FF9D25C65A29BFA459
        SHA-256:AA40CEBB4AA9BFE9FD9B2708CC901D970BF5F598A3C27C3F21B38D771BF867E5
        SHA-512:39E1B7426520CF8D93E2D64FC69F2DB519B77683DA8B1758C9F35421800A4ACD94D6F0E9A518A7C393F04134CF7C6DA7FBA7CEC45F1E85C8FACCE8A50A6A875F
        Malicious:false
        Preview:JAVA_VERSION="17.0.5"..MODULES="java.base java.compiler java.datatransfer java.xml java.prefs java.desktop java.logging java.management java.security.sasl java.naming java.rmi java.scripting java.security.jgss java.transaction.xa java.sql jdk.charsets"..

        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PWMinder Desktop\PWMinder.lnk

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Nov 17 22:20:38 2022, mtime=Thu Nov 24 07:44:34 2022, atime=Thu Nov 17 22:20:38 2022, length=534896, window=hide
        Category:dropped
        Size (bytes):1962
        Entropy (8bit):3.649475184354624
        Encrypted:false
        SSDEEP:24:8IJ+4dOE4FWw4pqAfGWdEdBdE++MltgXQSp+064WltgXHUUh6yfm:8IJ+4dO13UZfHdIdN5lygSp+0lWlyES
        MD5:2BE9CA5C367D0CB6826CE5458EA949D3
        SHA1:EF5431DFB3720B18919BDE5E383DE600A15A0BF0
        SHA-256:8D1E37C9B6C4F291BD2D49CD6BC6554F028FA65827140130081BDCBF0190FE97
        SHA-512:595F4E34CDE6CB3D690C14708AF6887B5F9FFB7CB4E7850ADD46A49A72CEB6612984CD036EE0D7A4F398B8AC8C04802E7F5D083D5404C7D760B84A9F441A66B2
        Malicious:false
        Preview:L..................F.@.. ....g.3.............g.3....p)...........................P.O. .:i.....+00.../C:\.....................1.....xU.E..PROGRA~2.........L.xU.E....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....Z.1.....xU.E..PWMinder..B......xU.ExU.E..........................Wk,.P.W.M.i.n.d.e.r.....f.2.p)..qU.. .PWMinder.exe..J......qU..xU.E....L.........................P.W.M.i.n.d.e.r...e.x.e.......[...............-.......Z............\.$.....C:\Program Files (x86)\PWMinder\PWMinder.exe..;.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.W.M.i.n.d.e.r.\.P.W.M.i.n.d.e.r...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.W.M.i.n.d.e.r.\.J.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.0.5.7.B.D.8.6.F.-.5.4.F.3.-.3.4.3.C.-.A.D.7.C.-.A.5.4.9.1.C.1.B.F.5.9.1.}.\.i.c.o.n._.6.7.3.5.8.3.8.4.2.........%SystemRoot%\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\icon_673583842....................

        C:\Users\Public\Desktop\PWMinder.lnk

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Nov 17 22:20:38 2022, mtime=Thu Nov 24 07:44:34 2022, atime=Thu Nov 17 22:20:38 2022, length=534896, window=hide
        Category:dropped
        Size (bytes):1944
        Entropy (8bit):3.646959784565047
        Encrypted:false
        SSDEEP:24:8IJ+4dOE4FWw4pqAfKdEdBdE++MltgXQSp+064WltgXHUUh6yfm:8IJ+4dO13UZfKdIdN5lygSp+0lWlyES
        MD5:6EB1E6B6DC0507E3BFBE56238C38EEB8
        SHA1:9DEE6A9DC7EAC8E76FD50B5CDE7EC6F60BF8C152
        SHA-256:76E09440439D080A17B065B33054645A6BF3DEC8842CB3C40EF98A4929CD7884
        SHA-512:39A4D9AF4A64573901A55785E33C1F4C12841F860A900EA5963FD6102A3B22DBFCDE6C4023321281AD0EA4A7B65BE8E6DF138C8747F096558D953AB52653A9EE
        Malicious:false
        Preview:L..................F.@.. ....g.3.............g.3....p)...........................P.O. .:i.....+00.../C:\.....................1.....xU.E..PROGRA~2.........L.xU.E....................V........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....Z.1.....xU.E..PWMinder..B......xU.ExU.E..........................Wk,.P.W.M.i.n.d.e.r.....f.2.p)..qU.. .PWMinder.exe..J......qU..xU.E....L.........................P.W.M.i.n.d.e.r...e.x.e.......[...............-.......Z............\.$.....C:\Program Files (x86)\PWMinder\PWMinder.exe..2.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.W.M.i.n.d.e.r.\.P.W.M.i.n.d.e.r...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.P.W.M.i.n.d.e.r.\.J.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.0.5.7.B.D.8.6.F.-.5.4.F.3.-.3.4.3.C.-.A.D.7.C.-.A.5.4.9.1.C.1.B.F.5.9.1.}.\.i.c.o.n._.6.7.3.5.8.3.8.4.2.........%SystemRoot%\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\icon_673583842......................................

        C:\Users\user\AppData\Local\Temp\MSIBC68.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):116144
        Entropy (8bit):6.633672738599962
        Encrypted:false
        SSDEEP:1536:YImZwomOndvrhsgz56GoiFmntw1ebC0fsWk0FlcdOJKJpPpxyNokVbY4:jewOdvregz5L/mxb7FUOsrPpxyN7/
        MD5:4FDD16752561CF585FED1506914D73E0
        SHA1:F00023B9AE3C8CE5B7BB92F25011EAEBE6F9D424
        SHA-256:AECD2D2FE766F6D439ACC2BBF1346930ECC535012CF5AD7B3273D2875237B7E7
        SHA-512:3695E7EB1E35EC959243A91AB5B4454EB59AEEF0F2699AA5DE8E03DE8FBB89F756A89130526DA5C08815408CB700284A17936522AD2CAD594C3E6E9D18A3F600
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........z.b...1...1...1/.^1...1/.\1...1/.]1...1.s.0...1.s.0...1.s.0...1.c<1...1...1^..1.r.0...1.r.0...1.rP1...1..81...1.r.0...1Rich...1........................PE..L....p.]...........!.................4....... ......................................Y.....@.........................p...\..............x...............................T...........................8...@............ ..(............................text...k........................... ..`.rdata...w... ...x..................@..@.data...<"..........................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSIC0BF.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):82432
        Entropy (8bit):6.2349963164097515
        Encrypted:false
        SSDEEP:1536:6ttfyJg++7uc64IAld7pk4Lzf540Tatr1NoNsWTKPcdFE2jOFB5Sbk:mtfyJg+r4IAld7nzfSizfFE4OFPSbk
        MD5:EBCEAC311F924A90A996B543538F1861
        SHA1:96DAD8F8705EEF6DF52E9387F1AA6E8ED3DED10A
        SHA-256:9980ED314E2F2331CAA454FEF0B500690074113E07AB3EEE415AE0ED18FAF1AC
        SHA-512:9A3B14D692C38CEC4E5A3FCFECF5DE9C5844B8A53653A2E19A29166113246F66DA35E5ADCC2FD31CF1F2A763990A5F56D23A45066DE8147F3CE29FBEA61130BA
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P......F...F...F..G...F..G...F..G...FF.G6..FF.G...FF.G...F..G...F...F@..F..G...F..G...F..mF...F..G...FRich...F........................PE..L....K............!......................................................................@.........................`)..P....)..P....`.......................p..........p...........................`...@............... ............................text.............................. ..`.rdata..&`.......b..................@..@.data...8....@.......$..............@....rsrc........`......................@..@.reloc.......p.......2..............@..B........................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\63e8f7.msi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PWMinder, Author: Ewert Technologies, Keywords: Installer, Comments: This installer database contains the logic and data required to install PWMinder., Template: x64;1033, Revision Number: {5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}, Create Time/Date: Thu Nov 17 23:20:42 2022, Last Saved Time/Date: Thu Nov 17 23:20:42 2022, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
        Category:dropped
        Size (bytes):73277440
        Entropy (8bit):7.996112634596576
        Encrypted:true
        SSDEEP:1572864:ofTOkJfGtvX2NxgCl6DSgDRljHMStTHXmkK6Nhb/68E:ofaOGtvCPwZRlDMmTHXXZ/6f
        MD5:9661EC2A8A20C92F691E50CD91750A1D
        SHA1:092EE11B9C2805F808E0A072C5DB1CCED5648418
        SHA-256:D621D35135FE84D33A85DA02B68DD2E327CD01D6185B0CDDDA98042259C2DA0C
        SHA-512:93C604FAC599AF1938458F334BE4B47901F48A573762216B496D1FC5FADA7740F69C6532D0BA16A96D4E4106E2E9BDB34183F2F8C8E682DE0D84D9507134DCE8
        Malicious:false
        Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\63e8f9.msi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PWMinder, Author: Ewert Technologies, Keywords: Installer, Comments: This installer database contains the logic and data required to install PWMinder., Template: x64;1033, Revision Number: {5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}, Create Time/Date: Thu Nov 17 23:20:42 2022, Last Saved Time/Date: Thu Nov 17 23:20:42 2022, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
        Category:dropped
        Size (bytes):73277440
        Entropy (8bit):7.996112634596576
        Encrypted:true
        SSDEEP:1572864:ofTOkJfGtvX2NxgCl6DSgDRljHMStTHXmkK6Nhb/68E:ofaOGtvCPwZRlDMmTHXXZ/6f
        MD5:9661EC2A8A20C92F691E50CD91750A1D
        SHA1:092EE11B9C2805F808E0A072C5DB1CCED5648418
        SHA-256:D621D35135FE84D33A85DA02B68DD2E327CD01D6185B0CDDDA98042259C2DA0C
        SHA-512:93C604FAC599AF1938458F334BE4B47901F48A573762216B496D1FC5FADA7740F69C6532D0BA16A96D4E4106E2E9BDB34183F2F8C8E682DE0D84D9507134DCE8
        Malicious:false
        Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\MSI8A5.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):824536
        Entropy (8bit):6.17846982859134
        Encrypted:false
        SSDEEP:12288:IlHbspWziAfsZDq+UfEs2xq2wxBkEs2RL:IlHbBziedxD2xq2wxBkD2RL
        MD5:7F0581272F1FBAE71F6299131769D19E
        SHA1:5AE797C6DE588170B20D92E786F5E2DCFD263AB1
        SHA-256:1C2AF7449A430837B7C5F43D73147FB50320B24FA9404A427B87F4679323A5DB
        SHA-512:760C6FA3BACC2D7C6038ABC7258CA7C5BCE1822D3A7C629444C83ABFE94DC72D5B61E0534BF646DA657A0B9CDE274D7AFF98F436910D3D29E78C4E0C1EA700B3
        Malicious:false
        Preview:...@IXOS.@.....@..xU.@.....@.....@.....@.....@.....@......&.{057BD86F-54F3-343C-AD7C-A5491C1BF591}..PWMinder..PWMinderInstaller-3.3.1.1.msi.@.....@.....@.....@......JpARPPRODUCTICON..&.{5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}.....@.....@.....@.....@.......@.....@.....@.......@......PWMinder......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{F2C5738A-0188-329A-96D3-4D099A819786}:.02:\Software\Ewert Technologies\PWMinder\3.3.1\ProductCode.@.......@.....@.....@......&.{22B8464C-9858-34F2-B091-289D8ED6C2DA}:.01:\Software\Ewert Technologies\PWMinder\3.3.1\ProductCode.@.......@.....@.....@......&.{DF844933-25D0-331C-9ECF-75E7149EBA38}...@.......@.....@.....@......&.{E3E0FA64-2A7F-318D-B4E6-75275DA8A5C3}F.C:\Program Files (x86)\PWMinder\runtime\legal\java.desktop\freetype.md.@.......@.....@.....@......&.{E59A3803-A0DD-34B5-A320-916FEF733F8A}B.C:\Program Files

        C:\Windows\Installer\MSIFF0F.tmp

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):216496
        Entropy (8bit):6.646208142644182
        Encrypted:false
        SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
        MD5:A3AE5D86ECF38DB9427359EA37A5F646
        SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
        SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
        SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
        Malicious:false
        Antivirus:
        • Antivirus: ReversingLabs, Detection: 0%
        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[........................... ..`.rdata..............................@..@.data...."... ......................@....rsrc...x....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

        C:\Windows\Installer\SourceHash{057BD86F-54F3-343C-AD7C-A5491C1BF591}

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.171664825709552
        Encrypted:false
        SSDEEP:12:JSbX72Fj7aiAGiLIlHVRpIh/7777777777777777777777777vDHFW7Nzi2I6Xf9:JAiQI5wYg8sF
        MD5:3F7CE14CA1A225809B3AF39DB01438E6
        SHA1:AC70579BFA95ED5C018660BE4ED4DB754530D436
        SHA-256:8B681FA7449554FD8E9DB5886F0DC7BFF4FE16BC632405583B8A07F802378319
        SHA-512:3966E383F7C1BA114FA21F1E4F6638D3FFA31A155E3A89D6D9F99C08CFC3B193CB375E40C78A29FCE0A17E1151CA12C51505196868EE75E4A09FCFF4C66068DF
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\inprogressinstallinfo.ipi

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.6616839593278527
        Encrypted:false
        SSDEEP:48:zo8Ph9PuRc06WXJUFT5tp655LCydu6AdxmLRgR8RfS5uyP9Ld7SIT7Ny:z3hd1XFTl655G/5u+n5
        MD5:101ED935DFBF053EA698E6BE5B8EF8F0
        SHA1:4DA1F95085B8EB75D88EF1C488DEAB0CBDA3EF43
        SHA-256:B1BD5C3F9D73E8FBFA4C69B6CB1108C4D2831445464B8DE86AFD9027FBB44E47
        SHA-512:5C17570C63603C7E4466E48C704225D7FB82445AF519C8078805A355CB674EFB18B879A1B8718AB23AD9628920C91A34FD8766CBD40714DB89B5F6D75941A0E1
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\JpARPPRODUCTICON

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
        Category:dropped
        Size (bytes):534896
        Entropy (8bit):6.272752879884908
        Encrypted:false
        SSDEEP:6144:bLxjgQWziAfsZqCNzuGzFU8SmfAOCA2Hk8GGGwhECKu2xq2wxmm:npWziAfsZDq+UfEs2xq2wxB
        MD5:70A3C9C307218D28ADA05803643C2B10
        SHA1:A105753F73D5068DC6416E533AB2E51BF23A2060
        SHA-256:1499B9DCD5B223A2BFEE521FC9FDC4C440E60286C54AC631D3DA9575CD787932
        SHA-512:038184A2650C1935374D6C67F742CC625E77AFA8ED19A83EAAA114C2CA5AC248B4A6ECF5FD757D770775E9F52283FFBA5C0D1D5CD2E9A2E9C8F49E4B19934ADD
        Malicious:false
        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........'@.t@.t@.t...uO.t...u..t...uV.t...uM.t@.t..t...uQ.t...uT.t...u..t...uA.t...uS.t...uA.t..gtA.t...uA.tRich@.t........PE..L.....?..................j...........L............@..........................0......I.....@.............................`......P.......`...............p).......-...T..p...........................`U..@............................................text....h.......j.................. ..`.rdata...+.......,...n..............@..@.data....&..........................@....rsrc...`........ ..................@..@.reloc...-..........................@..B................................................................................................................................................................................................................................................................................................

        C:\Windows\Installer\{057BD86F-54F3-343C-AD7C-A5491C1BF591}\icon_673583842

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:MS Windows icon resource - 10 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
        Category:dropped
        Size (bytes):200735
        Entropy (8bit):5.216368656784317
        Encrypted:false
        SSDEEP:1536:+Rmdp8eEtQgEwpLGGG4EU4RMr6XzKE6kERRTEZIASLNT0+9NKZfj:+R8eBqAGGGDULlE6PRRwZuYZb
        MD5:2F6FC0D077719768CBF4E665E87B2AAD
        SHA1:C0147734DEFD436D780DCB0CEA0B72B291D671A8
        SHA-256:4C6F8D73849A354FDB1D89FD93BDF83C7EE5DA2605CCE4AF3849DE1C9C8D5E3C
        SHA-512:20D3E2F532C2F88401B2A05CF624F49561F51CA1E7612906C592D06E3D67A22C021C020DFF37D37FD0DCD85A369CA73C66FF3994BD24483A997779C24F712CDC
        Malicious:false
        Preview:............ .Ip............ .(....p..00.... ..%...y.. .... ............... .h...g...........pg.............(...?...00..........g... ......................h........PNG........IHDR.............\r.f....sRGB.........gAMA......a.....pHYs..........o.d..o.IDATx..].xTU.~g&..B.$$$.....b....e.(`A. 6l.. *......6zG....i.g....wKr....;....<.a.{..9.{.....n..n..fp...m.]......|...^..6P....8Ok}....].....5j.F:U.{.....m....O.>o.m..w.m......3g.4e.E..&..._~.e.u.].]UU...n.........N....m.e.\s.5.....sgS{.}'...t[.t..k....n...../<A.E..p...b.qW_}..*++}.w....^zi...3...4....%.....}L&|4z4...`.8..a.G.....S7.<g...o..:......V.....R..z........i.^u.l7.8l.V..s.W...~..|2n..EG..F....h.=uuM....-G".L.....M.:u..N...f.P....+**.....bxL....5.Y.#.^...3.l..N.x..._......r..Ym.5.......M...+......g}'g...V..vV.H .......2y...;.&..z..$..V.?..W_.Q.:...6...G...J.n......]R.jm.E.M.4i....M..UW].Syy....?..z...Y;.%....>.ywSm.....x....H.m7....u.F\~..?...d..7.Q]...v=..A..CS.gy-$"..H..!. ..V..H

        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
        Category:dropped
        Size (bytes):81287
        Entropy (8bit):5.298812919313274
        Encrypted:false
        SSDEEP:192:XL/vcrZZDZo/ZrXczaIcO/gcMH5elWSL+:XDvsDZGrkaIcO/Y5Xu+
        MD5:D2283A70FB038F354E9D7F5E3C123132
        SHA1:BAB3920010AB407E142DE26190E8CA4115B831A2
        SHA-256:5C82A2AC0076DA0809164283F9BA1467F573DDD8DCEFC5379751B2B402315F31
        SHA-512:A231D2203FE6A75A09A491FD1F9388FF10EF269361FF10997D63970383F24F758A965B8A4A68C493C5998B6C078F4F958C43934A5CD483B4848F818CE58EB480
        Malicious:false
        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..07/23/2020 10:38:04.497 [4552]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.513 [4552]: ngen returning 0x00000000..07/23/2020 10:38:04.559 [4480]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.559 [4480]: ngen returning 0x00000000..07/23/2020 10:38:04.622 [4256]: Command line: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A /queue:3 /NoDependencies ..07/23/2020 10:38:04.622 [

        C:\Windows\Temp\~DF28F7E6DEE047302F.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.6616839593278527
        Encrypted:false
        SSDEEP:48:zo8Ph9PuRc06WXJUFT5tp655LCydu6AdxmLRgR8RfS5uyP9Ld7SIT7Ny:z3hd1XFTl655G/5u+n5
        MD5:101ED935DFBF053EA698E6BE5B8EF8F0
        SHA1:4DA1F95085B8EB75D88EF1C488DEAB0CBDA3EF43
        SHA-256:B1BD5C3F9D73E8FBFA4C69B6CB1108C4D2831445464B8DE86AFD9027FBB44E47
        SHA-512:5C17570C63603C7E4466E48C704225D7FB82445AF519C8078805A355CB674EFB18B879A1B8718AB23AD9628920C91A34FD8766CBD40714DB89B5F6D75941A0E1
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF2A89C155115B02D9.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):1.3222895069599507
        Encrypted:false
        SSDEEP:48:qFulPucPveFXJJT50tp655LCydu6AdxmLRgR8RfS5uyP9Ld7SIT7Ny:qQlcxTO7655G/5u+n5
        MD5:1A2856803376CDF7C5B78CE35E29D466
        SHA1:576235A089E03B861EAA26A1D04965285BC4C617
        SHA-256:F6B1855DE10CCD7F7C5227E14A04EDC754E928A1EB7370A9BD6ED2B22362E8A4
        SHA-512:830D19E97D142696603E6BC462F312D930FEC3832FEF1F88653E30D60DFAA807B519532E775B2925711A215F8C786C93ABD8D0C3C2DBF22A943C28E83468D0B1
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF34985F8AFC66B7A4.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):1.3222895069599507
        Encrypted:false
        SSDEEP:48:qFulPucPveFXJJT50tp655LCydu6AdxmLRgR8RfS5uyP9Ld7SIT7Ny:qQlcxTO7655G/5u+n5
        MD5:1A2856803376CDF7C5B78CE35E29D466
        SHA1:576235A089E03B861EAA26A1D04965285BC4C617
        SHA-256:F6B1855DE10CCD7F7C5227E14A04EDC754E928A1EB7370A9BD6ED2B22362E8A4
        SHA-512:830D19E97D142696603E6BC462F312D930FEC3832FEF1F88653E30D60DFAA807B519532E775B2925711A215F8C786C93ABD8D0C3C2DBF22A943C28E83468D0B1
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF58C16B7FCFAF7460.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):69632
        Entropy (8bit):0.1821682695626897
        Encrypted:false
        SSDEEP:48:cyl/Twd7SFdu6AdxmLRgR8RfS5uyP9aQV55Fe:clD5u+0w55F
        MD5:EB5850D41927ABBD6531592F125A6E49
        SHA1:7997C018B03DD7580726372324121F94E9A89C2C
        SHA-256:98C33D5B0D58F533B8A7FDDC9545FCE0C3AFAB479E40959BE33CAEF05602E896
        SHA-512:13B685A013855B6D5D77444E7215EAA85C855F1EB451CB3984B6A3DB862F23AFC7F64ADE3C4CB4E4A4F572CB44139FD9C49AE4554A47B561DD64F3AA50259B5C
        Malicious:false
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF6556553E66C7A1C1.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF7F4DF1C345E8CF05.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):0.07752544096763316
        Encrypted:false
        SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOW7NzY44C1yRsEgXfhSYtiVky6l51:2F0i8n0itFzDHFW7Nzi2I6XfhSyr
        MD5:023AC50C189EDAAB89CF1FC3A256F94A
        SHA1:90838532D5018EB4EFD8E84512F2727E1A7CB1C3
        SHA-256:F704C5A8137DE811A371E70C143418823865E39A5E3AF5C509C8CDD235C49A3A
        SHA-512:E763E3723B07247AB3CB7766C51A88BF45A30BA767F8CC5C6B1B3B28F70913B032232731BE3906E99905EC9EA018982966350F29FB8A9C51F077FBED0104842B
        Malicious:false
        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DF8EFB97866247E032.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFAAF16D10D65F39CB.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFABF413ACF4896DE8.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFD15E0C16046F46DA.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:data
        Category:dropped
        Size (bytes):512
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:3::
        MD5:BF619EAC0CDF3F68D496EA9344137E8B
        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
        Malicious:false
        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFE6A8E4977D0DABB3.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):20480
        Entropy (8bit):1.6616839593278527
        Encrypted:false
        SSDEEP:48:zo8Ph9PuRc06WXJUFT5tp655LCydu6AdxmLRgR8RfS5uyP9Ld7SIT7Ny:z3hd1XFTl655G/5u+n5
        MD5:101ED935DFBF053EA698E6BE5B8EF8F0
        SHA1:4DA1F95085B8EB75D88EF1C488DEAB0CBDA3EF43
        SHA-256:B1BD5C3F9D73E8FBFA4C69B6CB1108C4D2831445464B8DE86AFD9027FBB44E47
        SHA-512:5C17570C63603C7E4466E48C704225D7FB82445AF519C8078805A355CB674EFB18B879A1B8718AB23AD9628920C91A34FD8766CBD40714DB89B5F6D75941A0E1
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Windows\Temp\~DFF038ED5C56C93A0D.TMP

        Download File
        Process:C:\Windows\System32\msiexec.exe
        File Type:Composite Document File V2 Document, Cannot read section info
        Category:dropped
        Size (bytes):32768
        Entropy (8bit):1.3222895069599507
        Encrypted:false
        SSDEEP:48:qFulPucPveFXJJT50tp655LCydu6AdxmLRgR8RfS5uyP9Ld7SIT7Ny:qQlcxTO7655G/5u+n5
        MD5:1A2856803376CDF7C5B78CE35E29D466
        SHA1:576235A089E03B861EAA26A1D04965285BC4C617
        SHA-256:F6B1855DE10CCD7F7C5227E14A04EDC754E928A1EB7370A9BD6ED2B22362E8A4
        SHA-512:830D19E97D142696603E6BC462F312D930FEC3832FEF1F88653E30D60DFAA807B519532E775B2925711A215F8C786C93ABD8D0C3C2DBF22A943C28E83468D0B1
        Malicious:false
        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        Static File Info

        General

        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PWMinder, Author: Ewert Technologies, Keywords: Installer, Comments: This installer database contains the logic and data required to install PWMinder., Template: x64;1033, Revision Number: {5EB4ACF9-60F1-4E53-B837-23C8A24DDA3A}, Create Time/Date: Thu Nov 17 23:20:42 2022, Last Saved Time/Date: Thu Nov 17 23:20:42 2022, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
        Entropy (8bit):7.996112634596576
        TrID:
        • Microsoft Windows Installer (77509/1) 63.77%
        • ClickyMouse macro set (36024/1) 29.64%
        • Generic OLE2 / Multistream Compound File (8008/1) 6.59%
        File name:PWMinderInstaller-3.3.1.1.msi
        File size:73277440
        MD5:9661ec2a8a20c92f691e50cd91750a1d
        SHA1:092ee11b9c2805f808e0a072c5db1cced5648418
        SHA256:d621d35135fe84d33a85da02b68dd2e327cd01d6185b0cddda98042259c2da0c
        SHA512:93c604fac599af1938458f334be4b47901f48a573762216b496d1fc5fada7740f69c6532d0ba16a96d4e4106e2e9bdb34183f2f8c8e682de0d84d9507134dce8
        SSDEEP:1572864:ofTOkJfGtvX2NxgCl6DSgDRljHMStTHXmkK6Nhb/68E:ofaOGtvCPwZRlDMmTHXXZ/6f
        TLSH:0BF73313BC4F7821D2A52D31873A5724C6216D414EE1B966B3A13EABFEF11C0EE64DD2
        File Content Preview:........................>.................................................................................... ...$...(...,...0...4...8...<...@...D.............................................................................................................

        File Icon

        Icon Hash:a2a0b496b2caca72

        Network Behavior

        No network behavior found

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:00:43:50
        Start date:24/11/2022
        Path:C:\Windows\System32\msiexec.exe
        Wow64 process (32bit):false
        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PWMinderInstaller-3.3.1.1.msi"
        Imagebase:0x7ff6a6920000
        File size:66048 bytes
        MD5 hash:4767B71A318E201188A0D0A420C8B608
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        General

        Target ID:1
        Start time:00:43:52
        Start date:24/11/2022
        Path:C:\Windows\System32\msiexec.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\msiexec.exe /V
        Imagebase:0x7ff6a6920000
        File size:66048 bytes
        MD5 hash:4767B71A318E201188A0D0A420C8B608
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        General

        Target ID:2
        Start time:00:44:05
        Start date:24/11/2022
        Path:C:\Windows\SysWOW64\msiexec.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 483844CA7CD225D329998D5B1C5B7780 C
        Imagebase:0x1080000
        File size:59904 bytes
        MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        General

        Target ID:3
        Start time:00:44:21
        Start date:24/11/2022
        Path:C:\Windows\SysWOW64\msiexec.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding BD76792E804F7BE88D040374A60ADC55
        Imagebase:0x1080000
        File size:59904 bytes
        MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Disassembly

        No disassembly