Windows Analysis Report
setup.msi

Overview

General Information

Sample name: setup.msi
Analysis ID: 1582766
MD5: 314486685f91f6b02313d1ad18919b2e
SHA1: 0e5445e6a68cb5349dfe731c2647764b0224d20d
SHA256: 1c041d279cadcc4ec2ab42e16d52ed0d67a49e78b9f2006361fbb49fd405ef2e
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
AI detected suspicious sample
Bypasses PowerShell execution policy
Query firmware table information (likely to detect VMs)
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious MsiExec Embedding Parent
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected AdvancedInstaller

Classification

  • System is w10x64
  • msiexec.exe (PID: 6764 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 1096 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2452 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 2836 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1716 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • obs-ffmpeg-mux.exe (PID: 6692 cmdline: "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe" MD5: D3CAC4D7B35BACAE314F48C374452D71)
        • conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • createdump.exe (PID: 4768 cmdline: "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe" MD5: 71F796B486C7FAF25B9B16233A7CE0CD)
      • conhost.exe (PID: 6048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_AdvancedInstaller | Yara detected AdvancedInstaller | Joe Security |

    System Summary

    Source: Process started; Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems); Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2452, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 2836, ProcessName: powershell.exe
    Source: Process started; Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton; Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2452, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 2836, ProcessName: powershell.exe
    Source: Process started; Author: frack113; Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2452, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 2836, ProcessName: powershell.exe
    Source: Network Connection; Author: frack113; Data: DestinationIp: 45.77.249.79, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 2452, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704
    Source: Process started; Author: frack113; Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2452, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 2836, ProcessName: powershell.exe
    Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 2452, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 2836, ProcessName: powershell.exe
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-12-31T12:47:58.010727+0100 | 2829202 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 45.77.249.79 | 443 | TCP
    2024-12-31T12:47:58.006424+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 45.77.249.79 | 443 | 192.168.2.5 | 49704 | TCP

    AV Detection

    Source: https://kikoschmidt.com/updater.php Avira URL Cloud: Label: malware
    Source: Submitted Sample Integrated Neural Analysis Model: Matched 85.1% probability
    Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9B95379-39C0-4003-BD36-AF035097CDF9}
    Source: unknown HTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2264162182.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2261596064.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: ucrtbase.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2270899605.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
    Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2266458870.00007FF799A05000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000B.00000000.2263748708.00007FF799A05000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2264162182.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2261596064.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: ucrtbase.pdbUGP source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
    Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2270984768.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSIB81A.tmp.1.dr, MSIB75B.tmp.1.dr, MSIB72B.tmp.1.dr, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
    Source: Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb source: utest.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
    Source: Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb((! source: utest.dll.1.dr
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 59ad65.msi.1.dr
    Source: C:\Windows\System32\msiexec.exe File opened: z:
    Source: C:\Windows\System32\msiexec.exe File opened: x:
    Source: C:\Windows\System32\msiexec.exe File opened: v:
    Source: C:\Windows\System32\msiexec.exe File opened: t:
    Source: C:\Windows\System32\msiexec.exe File opened: r:
    Source: C:\Windows\System32\msiexec.exe File opened: p:
    Source: C:\Windows\System32\msiexec.exe File opened: n:
    Source: C:\Windows\System32\msiexec.exe File opened: l:
    Source: C:\Windows\System32\msiexec.exe File opened: j:
    Source: C:\Windows\System32\msiexec.exe File opened: h:
    Source: C:\Windows\System32\msiexec.exe File opened: f:
    Source: C:\Windows\System32\msiexec.exe File opened: b:
    Source: C:\Windows\System32\msiexec.exe File opened: y:
    Source: C:\Windows\System32\msiexec.exe File opened: w:
    Source: C:\Windows\System32\msiexec.exe File opened: u:
    Source: C:\Windows\System32\msiexec.exe File opened: s:
    Source: C:\Windows\System32\msiexec.exe File opened: q:
    Source: C:\Windows\System32\msiexec.exe File opened: o:
    Source: C:\Windows\System32\msiexec.exe File opened: m:
    Source: C:\Windows\System32\msiexec.exe File opened: k:
    Source: C:\Windows\System32\msiexec.exe File opened: i:
    Source: C:\Windows\System32\msiexec.exe File opened: g:
    Source: C:\Windows\System32\msiexec.exe File opened: e:
    Source: C:\Windows\System32\cmd.exe File opened: c:
    Source: C:\Windows\System32\msiexec.exe File opened: a:
    Source: Yara match File source: sslproxydump.pcap, type: PCAP

    Networking

    Source: Network traffic Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 45.77.249.79:443 -> 192.168.2.5:49704
    Source: Network traffic Suricata IDS: 2829202 - Severity 1 - ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA : 192.168.2.5:49704 -> 45.77.249.79:443
    Source: Joe Sandbox View IP Address: 45.77.249.79
    Source: Joe Sandbox View ASN Name: AS-CHOOPAUS
    Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: kikoschmidt.com
    Source: unknown HTTP traffic detected: POST /updater.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded; charset=utf-8 | User-Agent: AdvancedInstaller | Host: kikoschmidt.com | Content-Length: 71 | Cache-Control: no-cache
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: utest.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
    Source: utest.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
    Source: createdump.exe.1.dr String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
    Source: createdump.exe.1.dr String found in binary or memory: http://ccsca2021.ocsp-certum.com05
    Source: createdump.exe.1.dr String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
    Source: createdump.exe.1.dr String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
    Source: createdump.exe.1.dr String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
    Source: powershell.exe, 00000004.00000002.2201184798.0000000006D9B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microI
    Source: powershell.exe, 00000004.00000002.2192954539.0000000002772000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsoft
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: utest.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: swresample-4.dll.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: utest.dll.1.dr String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: utest.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: utest.dll.1.dr String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2266807647.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr String found in binary or memory: http://dashif.org/guidelines/trickmode
    Source: powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0A
    Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0C
    Source: utest.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0H
    Source: utest.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0I
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0K
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0N
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://ocsp.digicert.com0O
    Source: avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr String found in binary or memory: http://ocsp.digicert.com0X
    Source: powershell.exe, 00000004.00000002.2193566664.00000000046A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: createdump.exe.1.dr String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
    Source: createdump.exe.1.dr String found in binary or memory: http://repository.certum.pl/ctnca.cer09
    Source: createdump.exe.1.dr String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
    Source: createdump.exe.1.dr String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: http://schemas.micj
    Source: powershell.exe, 00000004.00000002.2193566664.0000000004551000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2266807647.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr String found in binary or memory: http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd
    Source: createdump.exe.1.dr String found in binary or memory: http://subca.ocsp-certum.com01
    Source: createdump.exe.1.dr String found in binary or memory: http://subca.ocsp-certum.com02
    Source: createdump.exe.1.dr String found in binary or memory: http://subca.ocsp-certum.com05
    Source: powershell.exe, 00000004.00000002.2193566664.00000000046A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2193065449.00000000027B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: createdump.exe.1.dr String found in binary or memory: http://www.certum.pl/CPS0
    Source: setup.msi, avformat-60.dll.1.dr, zlib.dll.1.dr, swresample-4.dll.1.dr, utest.dll.1.dr, 59ad65.msi.1.dr String found in binary or memory: http://www.digicert.com/CPS0
    Source: utest.dll.1.dr String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
    Source: powershell.exe, 00000004.00000002.2192954539.0000000002772000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.co=
    Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2269209883.00007FF8A6D80000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.videolan.org/x264.html
    Source: zlib.dll.1.dr String found in binary or memory: http://www.zlib.net/D
    Source: powershell.exe, 00000004.00000002.2193566664.0000000004551000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore6lBjq
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: https://aka.ms/winui2/webview2download/Reload():
    Source: powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000004.00000002.2193566664.00000000046A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
    Source: utest.dll.1.dr String found in binary or memory: https://github.com/google/googletest/
    Source: utest.dll.1.dr String found in binary or memory: https://github.com/google/googletest/blob/master/googlemock/docs/CookBook.md#knowing-when-to-expect
    Source: powershell.exe, 00000004.00000002.2193566664.0000000004D7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
    Source: setup.msi, 59ad65.msi.1.dr String found in binary or memory: https://kikoschmidt.com/updater.phpx
    Source: powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2270576969.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://streams.videolan.org/upload/
    Source: createdump.exe.1.drString found in binary or memory: https://www.certum.pl/CPS0
    Source: setup.msi, utest.dll.1.dr, 59ad65.msi.1.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\59ad65.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB66E.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB6DC.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB72B.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB75B.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB7AA.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB7DA.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB81A.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID3D0.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{E9B95379-39C0-4003-BD36-AF035097CDF9}Jump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDF99.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDFAA.tmpJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\59ad68.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\59ad68.msiJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIB66E.tmpJump to behavior
    Source: avcodec-60.dll.1.drStatic PE information: Number of sections : 13 > 10
    Source: avutil-58.dll.1.drStatic PE information: Number of sections : 12 > 10
    Source: swresample-4.dll.1.drStatic PE information: Number of sections : 12 > 10
    Source: swscale-7.dll.1.drStatic PE information: Number of sections : 12 > 10
    Source: zlib.dll.1.drStatic PE information: Number of sections : 12 > 10
    Source: avformat-60.dll.1.drStatic PE information: Number of sections : 12 > 10
    Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
    Source: setup.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenameDataUploader.dllF vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenameucrtbase.dllj% vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenamevcruntime140.dllT vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenamemsvcp140.dllT vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenameMicrosoft.Web.WebView2.Core.dll vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenameMicrosoft.UI.Xaml.dllD vs setup.msi
    Source: setup.msiBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs setup.msi
    Source: classification engineClassification label: mal76.evad.winMSI@17/88@1/1
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CMLE7BF.tmpJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3380:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6584:120:WilError_03
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6048:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7120:120:WilError_03
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF3D507C68A39BB447.TMPJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""
    Source: C:\Windows\SysWOW64\msiexec.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\PayloadJump to behavior
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""Jump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe"Jump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe" Jump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: atlthunk.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
    Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
    Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: dbghelp.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: dbgcore.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe	Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: obs.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: avcodec-60.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: avutil-58.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: avformat-60.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: w32-pthreads.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: vcruntime140.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: swresample-4.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: secur32.dll
    Source: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe	Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
    Source: C:\Windows\System32\msiexec.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9B95379-39C0-4003-BD36-AF035097CDF9}
    Source: setup.msi	Static file information: File size 60720930 > 1048576
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb source: createdump.exe, 00000008.00000002.2264162182.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2261596064.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb= source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: ucrtbase.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll.1.dr
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdbGCTL source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\msvcp140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcomp140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb!! source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2270899605.00007FF8BFB91000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll.1.dr
    Source: Binary string: obs-ffmpeg-mux.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2266458870.00007FF799A05000.00000004.00000001.01000000.00000007.sdmp, obs-ffmpeg-mux.exe, 0000000B.00000000.2263748708.00007FF799A05000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\s\Win32\Release\Microsoft.Toolkit.Win32.UI.XamlApplication\Microsoft.Toolkit.Win32.UI.XamlHost.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\debug\createdump\createdump.pdb;;;GCTL source: createdump.exe, 00000008.00000002.2264162182.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe, 00000008.00000000.2261596064.00007FF66D588000.00000002.00000001.01000000.00000006.sdmp, createdump.exe.1.dr
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.1.dr
    Source: Binary string: Microsoft.Web.WebView2.Core.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: ucrtbase.pdbUGP source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll.1.dr
    Source: Binary string: w32-pthreads.pdb source: obs-ffmpeg-mux.exe, 0000000B.00000002.2270984768.00007FF8BFBA8000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: setup.msi, MSIB81A.tmp.1.dr, MSIB75B.tmp.1.dr, MSIB72B.tmp.1.dr, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\WinUiBootstrapperEui\WinUiBootstrapperEui.pdb)) source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdbk source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\DataUploader.pdbj source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbm source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vcamp140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdbGCTL source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: E:\BA\201\s\140_release\vcrt_fwd_x86_release\Release\vccorlib140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: api-ms-win-crt-conio-l1-1-0.dll.1.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.1.dr
    Source: Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb source: utest.dll.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.1.dr
    Source: Binary string: D:\releases\dva\shared\adobe\utest\lib\win\release\64\utest.pdb((! source: utest.dll.1.dr
    Source: Binary string: C:\a\_work\1\s\BuildOutput\Release\x86\Microsoft.UI.Xaml\Microsoft.UI.Xaml.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\140_release\vcrt_fwd_x86_release\Release\vcruntime140_app.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: setup.msi, 59ad65.msi.1.dr
    Source: Binary string: D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdbGCTL source: setup.msi, 59ad65.msi.1.dr
    Source: api-ms-win-core-synch-l1-2-0.dll.1.dr	Static PE information: 0x8A188CB0 [Tue Jun 2 13:31:28 2043 UTC]
    Source: vcruntime140.dll.1.dr	Static PE information: section name: _RDATA
    Source: BCUninstaller.exe.1.dr	Static PE information: section name: _RDATA
    Source: createdump.exe.1.dr	Static PE information: section name: _RDATA
    Source: UnRar.exe.1.dr	Static PE information: section name: _RDATA
    Source: avformat-60.dll.1.dr	Static PE information: section name: .xdata
    Source: avutil-58.dll.1.dr	Static PE information: section name: .xdata
    Source: swresample-4.dll.1.dr	Static PE information: section name: .xdata
    Source: swscale-7.dll.1.dr	Static PE information: section name: .xdata
    Source: zlib.dll.1.dr	Static PE information: section name: .xdata
    Source: avcodec-60.dll.1.dr	Static PE information: section name: .rodata
    Source: avcodec-60.dll.1.dr	Static PE information: section name: .xdata
    Source: MSIDFAA.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB66E.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB6DC.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB72B.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB75B.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB7AA.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB7DA.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSIB81A.tmp.1.dr	Static PE information: section name: .fptable
    Source: MSID3D0.tmp.1.dr	Static PE information: section name: .fptable
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB7AA.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avformat-60.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avcodec-60.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID3D0.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB6DC.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDFAA.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB81A.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB7DA.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avutil-58.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\w32-pthreads.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB66E.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB72B.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB75B.tmp
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll
    Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swresample-4.dll
    Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\cmd.exe | Process information set: NOGPFAULTERRORBOX (4 identical entries)
    Source: C:\Windows\System32\cmd.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exe | Process information set: NOGPFAULTERRORBOX (2 identical entries)

    Malware Analysis System Evasion

    Source: C:\Windows\SysWOW64\msiexec.exe | System information queried: FirmwareTableInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 (2 identical entries)
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 3975
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 729
    Source: C:\Windows\System32\msiexec.exe | Dropped PE files which have not been started (46 files):
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll
        C:\Windows\Installer\MSIB6DC.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll
        C:\Windows\Installer\MSIDFAA.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll
        C:\Windows\Installer\MSIB81A.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll
        C:\Windows\Installer\MSIB7DA.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll
        C:\Windows\Installer\MSIB7AA.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll
        C:\Windows\Installer\MSIB66E.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll
        C:\Windows\Installer\MSIB72B.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll
        C:\Windows\Installer\MSIB75B.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll
        C:\Windows\Installer\MSID3D0.tmp
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll
        C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4564 | Thread sleep count: 3975 > 30
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1988 | Thread sleep count: 729 > 30
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4768 | Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2884 | Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation (7 identical entries)
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477 (2 identical entries)
    Source: 59ad65.msi.1.dr | Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
    Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2269209883.00007FF8A696A000.00000002.00000001.01000000.00000008.sdmp | Binary or memory string: vmncVMware Screen Codec / VMware Video @
    Source: obs-ffmpeg-mux.exe, 0000000B.00000002.2269209883.00007FF8A696A000.00000002.00000001.01000000.00000008.sdmp | Binary or memory string: VMware Screen Codec / VMware Video
    Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." (2 identical entries)
    Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"
    Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\psse011.ps1" -propfile "c:\users\user\appdata\local\temp\msie00e.txt" -scriptfile "c:\users\user\appdata\local\temp\scre00f.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scre010.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue." (2 identical entries)
    Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation (2 identical entries)
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (7 identical entries)
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
    MITRE ATT&CK Matrix (techniques grouped by tactic; the number in parentheses is the signature count shown in the report, techniques without a number carried no count)

    Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS
    Resource Development: Scripting (1), Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services
    Initial Access: Replication Through Removable Media (1), Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services
    Execution: Command and Scripting Interpreter (1), PowerShell (1), At, Cron, Launchd, Scheduled Task, Systemd Timers
    Persistence: Windows Service (1), Scripting (1), DLL Side-Loading (1), Login Hook, Network Logon Script, RC Scripts, Startup Items
    Privilege Escalation: Windows Service (1), Process Injection (11), DLL Side-Loading (1), Login Hook, Network Logon Script, RC Scripts, Startup Items
    Defense Evasion: Masquerading (21), Disable or Modify Tools (1), Virtualization/Sandbox Evasion (121), Process Injection (11), Timestomp (1), DLL Side-Loading (1), File Deletion (1)
    Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync
    Discovery: Security Software Discovery (11), Process Discovery (1), Virtualization/Sandbox Evasion (121), Application Window Discovery (1), Peripheral Device Discovery (11), System Information Discovery (12), Remote System Discovery
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management
    Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture
    Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Protocol Impersonation, Fallback Channels, Multiband Communication, Commonly Used Port
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel
    Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery

    Behavior Graph ID: 1582766 | Sample: setup.msi | Start date: 31/12/2024 | Architecture: WINDOWS | Score: 76
    Root node: contacted domain kikoschmidt.com; signatures: Suricata IDS alerts for network traffic, Antivirus detection for URL or domain, AI detected suspicious sample, 2 other signatures
    Process tree (node counters reproduced as shown in the graph):
      msiexec.exe (138 / 104)
        dropped: C:\Windows\Installer\MSIDFAA.tmp (PE32), C:\Windows\Installer\MSID3D0.tmp (PE32), C:\Windows\Installer\MSIB81A.tmp (PE32), 51 other files (none is malicious)
        msiexec.exe (21)
          network: kikoschmidt.com 45.77.249.79, 443, 49704, AS-CHOOPAUS, United States
          dropped: C:\Users\user\AppData\Local\...\scrE00F.ps1 (Unicode), C:\Users\user\AppData\Local\...\pssE011.ps1 (Unicode), C:\Users\user\AppData\Local\...\msiE00E.txt (Unicode)
          signatures: Query firmware table information (likely to detect VMs), Bypasses PowerShell execution policy
          powershell.exe (17)
            conhost.exe
        cmd.exe (1)
          obs-ffmpeg-mux.exe (1)
            conhost.exe
          conhost.exe
        createdump.exe (1)
          conhost.exe
      msiexec.exe (2)

    Source | Detection | Scanner
    setup.msi | 7% | Virustotal
    Source | Detection | Scanner
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-console-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avcodec-60.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avformat-60.dll | 3% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\avutil-58.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\msvcp140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swresample-4.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\swscale-7.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140_1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\w32-pthreads.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\zlib.dll | 0% | ReversingLabs
    C:\Windows\Installer\MSIB66E.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIB6DC.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIB72B.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIB75B.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIB7AA.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIB7DA.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIB81A.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSID3D0.tmp | 0% | ReversingLabs
    C:\Windows\Installer\MSIDFAA.tmp | 0% | ReversingLabs
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label
    https://kikoschmidt.com/updater.php | 100% | Avira URL Cloud | malware
    http://crl.microI | 0% | Avira URL Cloud | safe
    https://streams.videolan.org/upload/ | 0% | Avira URL Cloud | safe
    http://www.microsoft.co= | 0% | Avira URL Cloud | safe
    http://schemas.micj | 0% | Avira URL Cloud | safe
    http://subca.ocsp-certum.com05 | 0% | Avira URL Cloud | safe
    http://ccsca2021.ocsp-certum.com05 | 0% | Avira URL Cloud | safe
    http://dashif.org/guidelines/trickmode | 0% | Avira URL Cloud | safe
    https://kikoschmidt.com/updater.phpx | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
kikoschmidt.com | 45.77.249.79 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://kikoschmidt.com/updater.php | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://nuget.org/NuGet.exe | powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.certum.pl/ctsca2021.crl0o | createdump.exe.1.dr | false | | high
http://crl.microI | powershell.exe, 00000004.00000002.2201184798.0000000006D9B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://repository.certum.pl/ctnca.cer09 | createdump.exe.1.dr | false | | high
https://kikoschmidt.com/updater.phpx | setup.msi, 59ad65.msi.1.dr | false | Avira URL Cloud: safe | unknown
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000004.00000002.2193566664.00000000046A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.certum.pl/ctnca.crl0k | createdump.exe.1.dr | false | | high
http://crl.microsoft | powershell.exe, 00000004.00000002.2192954539.0000000002772000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000004.00000002.2193566664.00000000046A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2193065449.00000000027B5000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://go.micro | powershell.exe, 00000004.00000002.2193566664.0000000004D7C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/Icon | powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.micj | setup.msi, 59ad65.msi.1.dr | false | Avira URL Cloud: safe | unknown
http://standards.iso.org/ittf/PubliclyAvailableStandards/MPEG-DASH_schema_files/DASH-MPD.xsd | obs-ffmpeg-mux.exe, 0000000B.00000002.2266807647.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr | false | | high
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s | createdump.exe.1.dr | false | | high
https://www.certum.pl/CPS0 | createdump.exe.1.dr | false | | high
http://www.microsoft.co= | powershell.exe, 00000004.00000002.2192954539.0000000002772000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/Pester/Pester | powershell.exe, 00000004.00000002.2193566664.00000000046A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://repository.certum.pl/ccsca2021.cer0 | createdump.exe.1.dr | false | | high
https://github.com/google/googletest/ | utest.dll.1.dr | false | | high
http://repository.certum.pl/ctsca2021.cer0 | createdump.exe.1.dr | false | | high
https://streams.videolan.org/upload/ | obs-ffmpeg-mux.exe, 0000000B.00000002.2270576969.00007FF8A7CA6000.00000002.00000001.01000000.00000009.sdmp | false | Avira URL Cloud: safe | unknown
http://subca.ocsp-certum.com05 | createdump.exe.1.dr | false | Avira URL Cloud: safe | unknown
http://www.zlib.net/D | zlib.dll.1.dr | false | | high
http://subca.ocsp-certum.com02 | createdump.exe.1.dr | false | | high
http://subca.ocsp-certum.com01 | createdump.exe.1.dr | false | | high
http://www.videolan.org/x264.html | obs-ffmpeg-mux.exe, 0000000B.00000002.2269209883.00007FF8A6D80000.00000002.00000001.01000000.00000008.sdmp | false | | high
https://contoso.com/ | powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000004.00000002.2195866754.00000000055BA000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://dashif.org/guidelines/trickmode | obs-ffmpeg-mux.exe, 0000000B.00000002.2266807647.00007FF8A4BAB000.00000002.00000001.01000000.0000000A.sdmp, avformat-60.dll.1.dr | false | Avira URL Cloud: safe | unknown
http://crl.certum.pl/ctnca2.crl0l | createdump.exe.1.dr | false | | high
http://repository.certum.pl/ctnca2.cer09 | createdump.exe.1.dr | false | | high
https://aka.ms/pscore6lBjq | powershell.exe, 00000004.00000002.2193566664.0000000004551000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ccsca2021.ocsp-certum.com05 | createdump.exe.1.dr | false | Avira URL Cloud: safe | unknown
https://aka.ms/winui2/webview2download/Reload(): | setup.msi, 59ad65.msi.1.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000004.00000002.2193566664.0000000004551000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.certum.pl/CPS0 | createdump.exe.1.dr | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
45.77.249.79 | kikoschmidt.com | United States | 20473 | AS-CHOOPAUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582766
Start date and time: 2024-12-31 12:46:53 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: setup.msi
Detection: MAL
Classification: mal76.evad.winMSI@17/88@1/1
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
Time | Type | Description
06:47:58 | API Interceptor | 4x Sleep call for process: powershell.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
45.77.249.79 | UoktqWamLR.exe | malicious | AZORult | ehzwq.shop/erd/mac/index.php
 | RgZaLjgCto.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
 | java.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
kikoschmidt.com | setup.msi | malicious | Unknown | 172.67.165.214
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AS-CHOOPAUS | http://parrottalks.info | malicious | Unknown | 149.28.124.84
 | botx.mips.elf | malicious | Mirai | 149.253.144.7
 | db0fa4b8db0333367e9bda3ab68b8042.x86.elf | malicious | Mirai, Gafgyt | 78.141.232.165
 | 3OQL58yflv.exe | malicious | Metasploit | 202.182.125.24
 | armv5l.elf | malicious | Unknown | 44.174.62.96
 | loligang.mpsl.elf | malicious | Mirai | 8.12.100.87
 | d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exe | malicious | NetSupport RAT | 45.76.253.210
 | d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exe | malicious | NetSupport RAT | 45.76.253.210
 | armv5l.elf | malicious | Mirai | 66.42.103.144
 | jklm68k.elf | malicious | Unknown | 44.40.163.25
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | GYede3Gwn0.lnk | malicious | Unknown | 45.77.249.79
 | 6684V5n83w.exe | malicious | Vidar | 45.77.249.79
 | heteronymous.vbs | malicious | Remcos, GuLoader | 45.77.249.79
 | zku4YyCG6L.exe | malicious | Unknown | 45.77.249.79
 | hca5qDUYZH.exe | malicious | Unknown | 45.77.249.79
 | Loader.exe | malicious | Meduza Stealer | 45.77.249.79
 | setup.msi | malicious | Unknown | 45.77.249.79
 | BHgwhz3lGN.exe | malicious | Vidar | 45.77.249.79
 | Open Purchase Order Summary Details-16-12-2024.vbs | malicious | LodaRAT, XRed | 45.77.249.79
 | Open Purchase Order Summary Sheet.vbs | malicious | LodaRAT, XRed | 45.77.249.79
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\BCUninstaller.exe | setup.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | 48.252.190.9.zip | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | TrdIE26br9.msi | malicious | Unknown |
 | b8ygJBG5cb.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | installer.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\UnRar.exe | setup.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | 48.252.190.9.zip | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | TrdIE26br9.msi | malicious | Unknown |
 | b8ygJBG5cb.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
 | installer.msi | malicious | Unknown |
 | setup.msi | malicious | Unknown |
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: modified
Size (bytes): 20759
Entropy (8bit): 5.822188269938195
Encrypted: false
SSDEEP: 384:naymAuatBEZ3/oFhnJ2RII2+2NnySJwW8L3merfF183YfjQMWhr5ykpdttYu6w5l:nFmAuatBEZ3/oFhnJ2RII2+2NnySJwWB
MD5: F6F638F89D26AD2AA37D1CC837A15D3B
SHA1: 340917EFD6DEA88C51B893A596FDDA262EFC2869
SHA-256: 28B9D74E9E38675F9E2BB68EE5ECF7BB3059B6CE44205872DA4A17219C875C9D
SHA-512: 61982B672FFEF1529510CB8A72ACEB21F8C549EF3B6AAA7B9B56C3F94EDA32E26F26AAB94FA2702E40A9D3FF011AD41DA84A7E83AF5ECA86200302A50B753046
Malicious: false
                                                                                                        Preview:...@IXOS.@.....@.6.Y.@.....@.....@.....@.....@.....@......&.{E9B95379-39C0-4003-BD36-AF035097CDF9}..Strave App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{C1CE6CFA-C174-4027-92C4-1BDA03096B6B}.....@.....@.....@.....@.......@.....@.....@.......@......Strave App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{F39C344E-A83E-4760-8DA8-F27602095B4F}&.{E9B95379-39C0-4003-BD36-AF035097CDF9}.@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82}&.{E9B95379-39C0-4003-BD36-AF035097CDF9}.@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}&.{E9B95379-39C0-4003-BD36-AF035097CDF9}.@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}&.{E9B95379-39C0-4003-BD36-AF035097CDF9}.@......&.{FDDB96EE-847D-4B25-85B1-65E662CF63A8}&.{E9B95379-39C0-4003-BD36-AF035097CDF9}.@......&.{9608D8ED-8EC6-4540-B232-4A823606F862}&.{E9B95379-39C0-4003-BD36-AF035097CDF9}.@......&.{17B6E8D6-C004-40DB-BB2D-125D7C1CC21E}&.{E9B95379-39C0-40
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 1360
Entropy (8bit): 5.414845440181211
Encrypted: false
SSDEEP: 24:3Uyt3WSKco4KmZjKbmOIKod6emZ9tYs4RPQoUEJ0gt/NK3R82iagSVbV:ky9WSU4xympjmZ9tz4RIoUl8NWR823Vx
MD5: 20AF6AC3179B0479717A0DCBD1DF5AF8
SHA1: C47C1A9F9BB2DC8AB791316E62FFB39B8429F596
SHA-256: DD6ACBE2DEDB2F64D6067FC59D5D02136F239D81B7E56033278AE6F795DDA644
SHA-512: 721F377C49D283854A0EFAD8536B0A8593E137AF7D6DF130E6A03DAABBDDF28746EA4BACF9F19DAE263FFA38723E852F9999B2FD56FE193A7A3C25097877C793
Malicious: false
                                                                                                        Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
Process: C:\Windows\SysWOW64\msiexec.exe
File Type: Unicode text, UTF-16, little-endian text, with no line terminators
Category: dropped
Size (bytes): 100
Entropy (8bit): 3.0073551160284637
Encrypted: false
SSDEEP: 3:Q0JUINRYplflrOdlVWNlANf5Yplf955:Q0JB0LJOn03ANqLN
MD5: 7A131AC8F407D08D1649D8B66D73C3B0
SHA1: D93E1B78B1289FB51E791E524162D69D19753F22
SHA-256: 9ACBF0D3EEF230CC2D5A394CA5657AE42F3E369292DA663E2537A278A811FF5B
SHA-512: 47B6FF38B4DF0845A83F17E0FE889747A478746E1E7F17926A5CCAC1DD39C71D93F05A88E0EC176C1E5D752F85D4BDCFFB5C64125D1BA92ACC91D03D6031848D
Malicious: true
Preview: ..Q.u.i.t.e.S.e.s. .:.<.-.>.:. . .<.<.:.>.>. .E.x.t.e.n.d.E.x.p.i.r.e. .:.<.-.>.:. .0. .<.<.:.>.>. .
Process: C:\Windows\SysWOW64\msiexec.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 6668
Entropy (8bit): 3.5127462716425657
Encrypted: false
SSDEEP: 96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
MD5: 30C30EF2CB47E35101D13402B5661179
SHA1: 25696B2AAB86A9233F19017539E2DD83B2F75D4E
SHA-256: 53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
SHA-512: 882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
Malicious: true
                                                                                                         Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".l.i.n.e.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.L.i.n.e.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                         Preview (UTF-16LE decoded, BOM dropped; the report's preview stops after the last line shown, so the script is truncated here):
                                                                                                         param(
                                                                                                           [alias("propFile")]      [Parameter(Mandatory=$true)] [string] $msiPropOutFilePath
                                                                                                          ,[alias("propSep")]       [Parameter(Mandatory=$true)] [string] $msiPropKVSeparator
                                                                                                          ,[alias("lineSep")]       [Parameter(Mandatory=$true)] [string] $msiPropLineSeparator
                                                                                                          ,[alias("scriptFile")]    [Parameter(Mandatory=$true)] [string] $userScriptFilePath
                                                                                                          ,[alias("scriptArgsFile")][Parameter(Mandatory=$false)][string] $userScriptArgsFilePath
                                                                                                          ,[Parameter(Mandatory=$true)]
                                                                                                        Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):254
                                                                                                        Entropy (8bit):3.555045878547657
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:QfFok79idK3fOlFogltHN+KiVmMXFVrMTlP1LlG7JidK3falnUOn03AnfInO:QfF3KvogM/XFVrMTQNeFUr3+
                                                                                                        MD5:E8A84AE0A0597E0C4FBB7FA36F7D0CA7
                                                                                                        SHA1:B97096DF7801FA5F91542F0F9A70616DD5D49B03
                                                                                                        SHA-256:9F2D8F053895BF9377A4686714833304E87A4E926B7581599D44B45380B5DFDE
                                                                                                        SHA-512:83960868B8DBFFEF2B3EE557AD89BB18CF80043FEB2A7BFDB0630F32A1870585158E4F4B367C72BBFDD760A586E5D1FEB73192C0E769507A6ED81E90BF4925EB
                                                                                                        Malicious:true
                                                                                                         Preview:..$.o.i.g.n.q.p. .=. .A.I._.G.e.t.M.s.i.P.r.o.p.e.r.t.y. .".Q.u.i.t.e.S.e.s.".....$.a.v.o.i.j.g. .=. .[.u.i.n.t.3.2.].(.$.o.i.g.n.q.p. .-.r.e.p.l.a.c.e. .'.t.'.,. .'.'.).....A.I._.S.e.t.M.s.i.P.r.o.p.e.r.t.y. .".E.x.t.e.n.d.E.x.p.i.r.e.". .$.a.v.o.i.j.g.
                                                                                                         Preview (UTF-16LE decoded, BOM dropped, CRLF line ends; 126 characters, 254 bytes on disk):
                                                                                                         $oignqp = AI_GetMsiProperty "QuiteSes"
                                                                                                         $avoijg = [uint32]($oignqp -replace 't', '')
                                                                                                         AI_SetMsiProperty "ExtendExpire" $avoijg
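The three dropped text files above belong together: a launcher script that takes -propFile, -propSep, -lineSep and -scriptFile parameters, a property exchange file whose only visible separators are ":<->:" (name/value) and "<<:>>" (line), and a three-line user script that reads the MSI property QuiteSes through AI_GetMsiProperty, strips every "t", casts the rest to [uint32] and writes it back as ExtendExpire through AI_SetMsiProperty. All three are written to the temp folder by the 32-bit custom-action server (SysWOW64\msiexec.exe), which is what the "Suspicious Script Execution From Temp Folder" and "Bypasses PowerShell execution policy" signatures in the overview are reacting to. The helper below is an added triage aid, not code from the report or from the installer: it rebuilds both UTF-16 files from the decoded previews, checks the rebuilt bytes against the report's size and hashes (so the decoding can be trusted before anything is concluded from it), parses the property file, and re-implements the custom action in Python. The separator values are taken from the dump rather than from the launcher's command line, and the PowerShell cast semantics are approximated; both are assumptions, labelled in the comments.

```python
"""
Added triage helper (not part of the Joe Sandbox report): rebuilds the two small
UTF-16 text artifacts dropped by msiexec.exe from their decoded previews, checks the
rebuilt bytes against the report's size/MD5/SHA-256, parses the MSI property exchange
file, and re-implements the three-line custom-action script in Python so its effect
on the observed property values can be seen without running PowerShell.
"""
import hashlib
import re

# Separators as they appear in the dumped property file. The launcher script's
# -propSep / -lineSep parameters carry these at runtime; the literal values are
# read off the dump, not off the launcher's invocation (assumption).
KV_SEP = ":<->:"
LINE_SEP = "<<:>>"

# Text decoded from the report's "Preview" fields (UTF-16LE, BOM stripped).
PROP_FILE_TEXT = "QuiteSes :<->:  <<:>> ExtendExpire :<->: 0 <<:>> "
SCRIPT_TEXT = (
    '$oignqp = AI_GetMsiProperty "QuiteSes"\r\n'
    "$avoijg = [uint32]($oignqp -replace 't', '')\r\n"
    'AI_SetMsiProperty "ExtendExpire" $avoijg'
)


def utf16le_file(text: str) -> bytes:
    """Re-create the on-disk form: FF FE byte-order mark followed by UTF-16LE code units."""
    return b"\xff\xfe" + text.encode("utf-16-le")


def artifact_digests(text: str) -> dict:
    """Size, MD5 and SHA-256 of the rebuilt file, in the report's upper-case hex style."""
    data = utf16le_file(text)
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def parse_prop_file(text: str) -> dict:
    """Parse 'NAME :<->: VALUE <<:>> ...' into {NAME: VALUE}; an absent value parses as ''."""
    props = {}
    for entry in text.split(LINE_SEP):
        if KV_SEP not in entry:
            continue  # whitespace left after the final line separator
        name, value = entry.split(KV_SEP, 1)
        props[name.strip()] = value.strip()
    return props


def serialize_prop_file(props: dict) -> str:
    """Inverse of parse_prop_file; reproduces the dump's spacing exactly (two spaces for '')."""
    return "".join(f"{name} {KV_SEP} {value} {LINE_SEP} " for name, value in props.items())


def ps_uint32(value: str) -> int:
    """Approximate PowerShell's [uint32] cast of a string: '' -> 0, decimal otherwise,
    range-checked. (PowerShell also accepts forms such as 0x.. hex; out of scope here.)"""
    s = value.strip()
    if s == "":
        return 0
    n = int(s, 10)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError(f"value {n} does not fit in uint32")
    return n


def run_custom_action(props: dict) -> dict:
    """Python equivalent of the dropped script: read QuiteSes, delete every 't'
    (-replace is a regex and case-insensitive by default, so 'T' goes too),
    cast to uint32, and write the result back as ExtendExpire."""
    out = dict(props)
    stripped = re.sub("t", "", out.get("QuiteSes", ""), flags=re.IGNORECASE)
    out["ExtendExpire"] = str(ps_uint32(stripped))
    return out


if __name__ == "__main__":
    for label, text in (("property file", PROP_FILE_TEXT), ("custom action", SCRIPT_TEXT)):
        print(label, artifact_digests(text))
    props = parse_prop_file(PROP_FILE_TEXT)
    print("parsed:", props)
    print("after script:", run_custom_action(props))
```

Run as-is, the digests of the rebuilt property file and script match the MD5/SHA-256 the report lists for those two drops, which confirms the decoding is byte-exact. The parsed file holds QuiteSes empty and ExtendExpire 0; feeding that through run_custom_action yields ExtendExpire 0 again, so the dump is consistent with the script having executed against an empty QuiteSes. The interesting part for detection is not the arithmetic but the mechanism: an installer-embedded PowerShell host that ferries MSI properties through a temp-file side channel under obfuscated variable names, which is the pattern the Sigma hits in the overview key on.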
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                        Category:dropped
                                                                                                        Size (bytes):195906
                                                                                                        Entropy (8bit):4.669224805215773
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:k1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9ykl:k1Z0vZXJZYDFufyXbJNCcr
                                                                                                        MD5:E40B08C6FF5F07916B45741B7D0C5E87
                                                                                                        SHA1:94C2357A59BAA3B537993F570CEA03EC51C1917B
                                                                                                        SHA-256:131ABD59B7D4B6177F2815E8CEB0F3DA325CB1074AEFBE99F61A382F1895AF44
                                                                                                        SHA-512:FA8453DD4936F772381E50533CD91DB8857F1A608CEB91F225300FC4E9DE8475EB416A3682D0C85829058570EBB9BBDF18CC650D36FA87E13BC262C827D0C695
                                                                                                        Malicious:false
                                                                                                        Preview:............ .............. .(.......``.... .........HH.... ..T..R"..@@.... .(B...v..00.... ..%...... .... ............... .....R......... .h........PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..yx.e.>|.Ug?Y.N..d%...6M."....".=......v..f....5}..3.b.h#v..".....b.(...@.}..........8kr...}]\".N.[u.y.g....|....|....|....|....|....|....|...[..F/......h4..h$...5.....Z.f..J%322...... .p...\HH.l6.a..c.............rC>.8|..&..;....f.Y.q....a.?.e.x..eY6F....a..DBH...F....@..R.\v.!...QJ[....(...Z.!.@#!d.R..l'!.3..V........s3..|..|.`.b..LSS...._A.Q.....@. ...2.o...J)C.a(...B.a.s.B......>N.......PB.O..(.m...t..P.0L...^&..p.g.....<x..g...S......2.L..h4..a.y..#.,..A.I..@)..`.!.!.qv>W...D...Z.R...cLA..Z.|G)..p.a.J..8..t..9......S.7.EEEZ..Q*.I..;.AXJ.Y.0L....0......8Z#.....B,..*J...e...p..~???...n..+...)...7.[[[.4.M0.%..{(........jA.m..)...A.x.).+.."....|E...y.p..q..Y.m....a....CBB.,..0.s/...q.^.@1Q@nvaw.W./..#.p...J.Q.e..B..,;..._.o.Ro.....`...^....ls.!......
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):310928
                                                                                                        Entropy (8bit):6.001677789306043
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3072:Zczkitvo4BpYN/6mBPry8TXROLdW5m4mURs9OOGC0kvxVCd7wANmSrvlPSIB0P+4:ZA4NCmBPry/N24OOjVxM7RNrrvEc0a
                                                                                                        MD5:147B71C906F421AC77F534821F80A0C6
                                                                                                        SHA1:3381128CA482A62333E20D0293FDA50DC5893323
                                                                                                        SHA-256:7DCD48CEF4CC4C249F39A373A63BBA97C66F4D8AFDBE3BAB196FD452A58290B2
                                                                                                        SHA-512:2FCD2127D9005D66431DD8C9BD5BC60A148D6F3DFE4B80B82672AFD0D148F308377A0C38D55CA58002E5380D412CE18BD0061CB3B12F4DAA90E0174144EA20C8
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: 48.252.190.9.zip, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: TrdIE26br9.msi, Detection: malicious
                                                                                                         • Filename: b8ygJBG5cb.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: installer.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8.}|...|...|....../p....../v....../1...u.a.l....../u...|........./v....../}...Rich|...........PE..d...i..d..........".................`<.........@..........................................`.................................................t$...........S...`..@........(..............T.......................(.......8............................................text............................... ..`.rdata..............................@..@.data........@......................@....pdata..@....`.......&..............@..@_RDATA...............<..............@..@.rsrc....S.......T...>..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):506008
                                                                                                        Entropy (8bit):6.4284173495366845
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:yY8mmN3YWYGAj9JwXScp39ioIKzKVEKfr01//bbh3S62Wt3A3ksFqXqjh6AusDyn:yY8XiWYGAkXh3Qqia/zAot3A6AhezSpK
                                                                                                        MD5:98CCD44353F7BC5BAD1BC6BA9AE0CD68
                                                                                                        SHA1:76A4E5BF8D298800C886D29F85EE629E7726052D
                                                                                                        SHA-256:E51021F6CB20EFBD2169F2A2DA10CE1ABCA58B4F5F30FBF4BAE931E4ECAAC99B
                                                                                                        SHA-512:D6E8146A1055A59CBA5E2AAF47F6CB184ACDBE28E42EC3DAEBF1961A91CEC5904554D9D433EBF943DD3639C239EF11560FA49F00E1CFF02E11CD8D3506C4125F
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Joe Sandbox View:
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: 48.252.190.9.zip, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: TrdIE26br9.msi, Detection: malicious
                                                                                                         • Filename: b8ygJBG5cb.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                         • Filename: installer.msi, Detection: malicious
                                                                                                         • Filename: setup.msi, Detection: malicious
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g.}............|.&.....|.$.J...|.%.....H}*.....H}./....H}./.....~P.....H}./.....~D.........z...F}./....F}(.....F}./....Rich............PE..d.....@f.........."....!.b.....................@.....................................'....`.................................................|...........H........4.......(......8...0I..T....................J..(....G..@............................................text....a.......b.................. ..`.rdata...3.......4...f..............@..@.data...............................@....pdata...4.......6..................@..@_RDATA..\...........................@..@.rsrc...H...........................@..@.reloc..8...........................@..B................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12224
                                                                                                        Entropy (8bit):6.596101286914553
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:4nWYhWxWWFYg7VWQ4uWjXUtpwBqnajrmaaGJ:2WYhWvZqlQGJ
                                                                                                        MD5:919E653868A3D9F0C9865941573025DF
                                                                                                        SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                                                                                        SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                                                                                        SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12224
                                                                                                        Entropy (8bit):6.640081558424349
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:iTWYhWyWWFYg7VWQ4uWq6Cu87ZqnajgnLSyu:sWYhWi1XHllk2yu
                                                                                                        MD5:7676560D0E9BC1EE9502D2F920D2892F
                                                                                                        SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                                                                                        SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                                                                                        SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):11712
                                                                                                        Entropy (8bit):6.6023398138369505
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:5WYhWYWWFYg7VWQ4SWSS/njxceXqnajLJ35H:5WYhW4gjmAlnJpH
                                                                                                        MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                                                                                        SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                                                                                        SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                                                                                        SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):11720
                                                                                                        Entropy (8bit):6.614262942006268
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:4WYhWFsWWFYg7VWQ4eWZzAR/BVrqnajcJH:4WYhWFMJRLlA5
                                                                                                        MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                                                                                        SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                                                                                        SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                                                                                        SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):11720
Entropy (8bit):6.654155040985372
Encrypted:false
SSDEEP:192:imxD3vEWYhWnWWFYg7VWQ4eWMOwNbDXbBqnaj0qJm8:iIEWYhWFpLbBlwqJm
MD5:94788729C9E7B9C888F4E323A27AB548
SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):15304
Entropy (8bit):6.548897063441128
Encrypted:false
SSDEEP:192:+AuVYPvVX8rFTsRWYhWyWWFYg7VWQ4eWQBAW+JSdqnajeMoLR9au:TBPvVXLWYhWiBdlaLFAu
MD5:580D9EA2308FC2D2D2054A79EA63227C
SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):11712
Entropy (8bit):6.622041192039296
Encrypted:false
SSDEEP:192:dzWYhW1sWWFYg7VWQ4yWL3sQlmqnajlD4h1N:BWYhW2e6l94h1N
MD5:35BC1F1C6FBCCEC7EB8819178EF67664
SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):11720
Entropy (8bit):6.730719514840594
Encrypted:false
SSDEEP:192:/VyWYhWjAWWFYg7VWQ4eWiuNwzNbDXbBqnaj0q:/VyWYhW8g+LbBlwq
MD5:3BF4406DE02AA148F460E5D709F4F67D
SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):11720
Entropy (8bit):6.626458901834476
Encrypted:false
SSDEEP:192:P9RWYhWEWWFYg7VWQ4eWncTjxceXqnajLJS:LWYhWk3TjmAlnJS
MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
SHA1:3094832B393416F212DB9107ADD80A6E93A37947
SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):12232
Entropy (8bit):6.577869728469469
Encrypted:false
SSDEEP:192:5t6DjZlTIWYhWsWWFYg7VWQ4eW4MtkR/BVrqnajc:5t6Dll0WYhWMqkRLlA
MD5:3A4B6B36470BAD66621542F6D0D153AB
SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):11712
Entropy (8bit):6.6496318655699795
Encrypted:false
SSDEEP:192:nWYhWNWWFYg7VWQ4uWtGDlR/BVrqnajcU8:nWYhWLJDlRLlAU8
MD5:A038716D7BBD490378B26642C0C18E94
SHA1:29CD67219B65339B637A1716A78221915CEB4370
SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):12736
Entropy (8bit):6.587452239016064
Encrypted:false
SSDEEP:192:FvuBL3BBLZWYhWxWWFYg7VWQ4uW4g0jrQYcunYqnajv9Ml:FvuBL3BPWYhWv8jYulhMl
MD5:D75144FCB3897425A855A270331E38C9
SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):14280
Entropy (8bit):6.658205945107734
Encrypted:false
SSDEEP:384:NOMw3zdp3bwjGzue9/0jCRrndbwNWYhW6WAulh2:NOMwBprwjGzue9/0jCRrndbw5D
MD5:8ACB83D102DABD9A5017A94239A2B0C6
SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):12224
Entropy (8bit):6.621310788423453
Encrypted:false
SSDEEP:96:qo1aCFEWYhWwp/DEs39DHDs35FrsvYgmr0DD0ADEs3TDL2L4m2grMWaLNpDEs3OC:teWYhWVWWFYg7VWQ4yWwAKZRqnajl6x7
MD5:808F1CB8F155E871A33D85510A360E9E
SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):11720
Entropy (8bit):6.7263193693903345
Encrypted:false
SSDEEP:192:cWYhWZSWWFYg7VWQ4eWkcc7ZqnajgnLSp:cWYhW84cllk2p
MD5:CFF476BB11CC50C41D8D3BF5183D07EC
SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12744
                                                                                                        Entropy (8bit):6.601327134572443
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:qKWYhWbWWFYg7VWQ4eWYoWjxceXqnajLJe:qKWYhWJ4WjmAlnJe
                                                                                                        MD5:F43286B695326FC0C20704F0EEBFDEA6
                                                                                                        SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                                                                                        SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                                                                                        SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):14272
                                                                                                        Entropy (8bit):6.519411559704781
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:AWXk1JzX9cKSIvWYhWLWWFYg7VWQ4SWW0uI7oinEqnajxMyqY:AWXk1JzNcKSIvWYhW5+uOEle6
                                                                                                        MD5:E173F3AB46096482C4361378F6DCB261
                                                                                                        SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                                                                                        SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                                                                                        SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12232
                                                                                                        Entropy (8bit):6.659079053710614
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:NtxDfIeA6WYhW7WWFYg7VWQ4eWpB5ABzR/BVrqnajcb:NtxDfIeA6WYhWp28RLlA
                                                                                                        MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                                                                                        SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                                                                                        SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                                                                                        SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):11200
                                                                                                        Entropy (8bit):6.7627840671368835
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:clIHyZ36WYhWulWWFYg7VWQ4yWqeQDbLtsQlmqnajlDC:clIHyZKWYhWKhlbp6l9C
                                                                                                        MD5:0233F97324AAAA048F705D999244BC71
                                                                                                        SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                                                                                        SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                                                                                        SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12224
                                                                                                        Entropy (8bit):6.590253878523919
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:4GeVvXK9WYhW1WWFYg7VWQ4yWj6k50IsQlmqnajlDl:4GeVy9WYhWzVk6l9l
                                                                                                        MD5:E1BA66696901CF9B456559861F92786E
                                                                                                        SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                                                                                        SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                                                                                        SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):11720
                                                                                                        Entropy (8bit):6.672720452347989
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:byMvQWYhW5fWWFYg7VWQ4eWio3gDwcunYqnajv9JS:byMvQWYhW/BXwulhw
                                                                                                        MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                                                                                        SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                                                                                        SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                                                                                        SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):13760
                                                                                                        Entropy (8bit):6.575688560984027
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:L1dv3V0dfpkXc2MAvVaoKKDWYhWTJWWFYg7VWQ4uWoSUtpwBqnajrmaaGWpmJ:Zdv3V0dfpkXc0vVaeWYhWj/qlQGWpmJ
                                                                                                        MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                                                                                        SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                                                                                        SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                                                                                        SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12232
                                                                                                        Entropy (8bit):6.70261983917014
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:ztZ3XWYhW3WWFYg7VWQ4eWNnpit7ZqnajgnLSl:ztZ3XWYhWVg+llk2
                                                                                                        MD5:D175430EFF058838CEE2E334951F6C9C
                                                                                                        SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                                                                                        SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                                                                                        SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......G.....`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12744
                                                                                                        Entropy (8bit):6.599515320379107
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:fKIMFFyWYhW6WWFYg7VWQ4eWoVjxceXqnajLJ4:fcyWYhWKRjmAlnJ4
                                                                                                        MD5:9D43B5E3C7C529425EDF1183511C29E4
                                                                                                        SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                                                                                        SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                                                                                        SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0............`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12232
                                                                                                        Entropy (8bit):6.690164913578267
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:4EWYhWdWWFYg7VWQ4eWvvJ6jxceXqnajLJn:4EWYhWbwYjmAlnJ
                                                                                                        MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                                                                                        SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                                                                                        SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                                                                                        SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 11720
Entropy (8bit): 6.615761482304143
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 12744
Entropy (8bit): 6.627282858694643
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 15816
Entropy (8bit): 6.435326465651674
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 12232
Entropy (8bit): 6.5874576656353145
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 13768
Entropy (8bit): 6.645869978118917
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 37333152
Entropy (8bit): 6.632921864082428
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 5100112
Entropy (8bit): 6.374242928276845
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category: dropped
Size (bytes): 1089600
Entropy (8bit): 6.535744457220272
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 57488
Entropy (8bit): 6.382541157520703
Encrypted: false
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Windows\System32\msiexec.exe
File Type: RAR archive data, v5
Category: dropped
Size (bytes): 418638
Entropy (8bit): 7.999568894545257
Encrypted: true
Malicious: false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):566704
                                                                                                        Entropy (8bit):6.494428734965787
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:M/Wn7JnU0QUgqtLe1fqSKnqEXG6IOaaal7wC/QaDWxncycIW6zuyLQEKZm+jWodj:yN59IW6zuAQEKZm+jWodEEY1u
                                                                                                        MD5:6DA7F4530EDB350CF9D967D969CCECF8
                                                                                                        SHA1:3E2681EA91F60A7A9EF2407399D13C1CA6AA71E9
                                                                                                        SHA-256:9FEE6F36547D6F6EA7CA0338655555DBA6BB0F798BC60334D29B94D1547DA4DA
                                                                                                        SHA-512:1F77F900215A4966F7F4E5D23B4AAAD203136CB8561F4E36F03F13659FE1FF4B81CAA75FEF557C890E108F28F0484AD2BAA825559114C0DAA588CF1DE6C1AFAB
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):35656
                                                                                                        Entropy (8bit):6.370522595411868
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:ixmeWkfdHAWcgj7Y7rEabyLcRwEpYinAMx1nyqaJ:pXUdg8jU7r4LcRZ7Hx1nyqa
                                                                                                        MD5:D3CAC4D7B35BACAE314F48C374452D71
                                                                                                        SHA1:95D2980786BC36FEC50733B9843FDE9EAB081918
                                                                                                        SHA-256:4233600651FB45B9E50D2EC8B98B9A76F268893B789A425B4159675B74F802AA
                                                                                                        SHA-512:21C8D73CC001EF566C1F3C7924324E553A6DCA68764ECB11C115846CA54E74BD1DFED12A65AF28D9B00DDABA04F987088AA30E91B96E050E4FC1A256FFF20880
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):22
                                                                                                        Entropy (8bit):3.879664004902594
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:mKDDlR+7H6U:hOD6U
                                                                                                        MD5:D9324699E54DC12B3B207C7433E1711C
                                                                                                        SHA1:864EB0A68C2979DCFF624118C9C0618FF76FA76C
                                                                                                        SHA-256:EDFACD2D5328E4FFF172E0C21A54CC90BAF97477931B47B0A528BFE363EF7C7E
                                                                                                        SHA-512:E8CC55B04A744A71157FCCA040B8365473C1165B3446E00C61AD697427221BE11271144F93F853F22906D0FEB61BC49ADFE9CBA0A1F3B3905E7AD6BD57655EB8
                                                                                                        Malicious:false
                                                                                                        Preview:@echo off..Start "" %1
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):158968
                                                                                                        Entropy (8bit):6.4238235663554955
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:izN/1rbQ+rTccg/Lla75jjVBzYCDNzuDQr5whduOd7EKPuh9Aco6uAGUtQFUzcnX:8N/FQ+rejlaFhdrXORhjD6VGUtQWk
                                                                                                        MD5:7FB892E2AC9FF6981B6411FF1F932556
                                                                                                        SHA1:861B6A1E59D4CD0816F4FEC6FD4E31FDE8536C81
                                                                                                        SHA-256:A45A29AECB118FC1A27ECA103EAD50EDD5343F85365D1E27211FE3903643C623
                                                                                                        SHA-512:986672FBB14F3D61FFF0924801AAB3E9D6854BB3141B95EE708BF5B80F8552D5E0D57182226BABA0AE8995A6A6F613864AB0E5F26C4DCE4EB88AB82B060BDAC5
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):707200
                                                                                                        Entropy (8bit):6.610520126248797
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:hTl8xt5jEuhuoWZz8Rt5brZcXVEZMbYwepVQ0G6ddTD8qevJMLf50555555555mj:hZ8xt5jEuhuoWZz8Rt5brZcXVEZMbYJz
                                                                                                        MD5:1144E36E0F8F739DB55A7CF9D4E21E1B
                                                                                                        SHA1:9FA49645C0E3BAE0EDD44726138D7C72EECE06DD
                                                                                                        SHA-256:65F8E4D76067C11F183C0E1670972D81E878E6208E501475DE514BC4ED8638FD
                                                                                                        SHA-512:A82290D95247A67C4D06E5B120415318A0524D00B9149DDDD8B32E21BBD0EE4D86BB397778C4F137BF60DDD4167EE2E9C6490B3018031053E9FE3C0D0B3250E7
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12124160
                                                                                                        Entropy (8bit):4.1175508751036585
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:49152:opbNLHjtBKapOZoWPQ8MQvfyf3t+WpskQS+ZSZmpPwoe5GOSwleJiXACPQDk8p8j:o9NDU1eB1
                                                                                                        MD5:8A13CBE402E0BBF3DA56315F0EBA7F8E
                                                                                                        SHA1:EE8B33FA87D7FA04B9B7766BCF2E2C39C4F641EA
                                                                                                        SHA-256:7B5E6A18A805D030779757B5B9C62721200AD899710FF930FC1C72259383278C
                                                                                                        SHA-512:46B804321AB1642427572DD141761E559924AF5D015F3F1DD97795FB74B6795408DEAD5EA822D2EB8FBD88E747ECCAD9C3EE8F9884DFDB73E87FAD7B541391DA
                                                                                                        Malicious:false
                                                                                                        Preview:(binary data; embedded string: Java HotSpot(TM) 64-Bit Server VM (15.0.1+9-18) for windows-amd64 JRE (15.0.1+9-18), built on Sep 15 2020 14:43:54 by "mach5one" with unknown MS VC++:1925)
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Java jmod module version 1.0
                                                                                                        Category:dropped
                                                                                                        Size (bytes):51389
                                                                                                        Entropy (8bit):7.916683616123071
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:GO5DN7hkJDEnwQm0aCDOdC4Lk1eo8eNEyu/73vVjPx5S+3TYWFwSvZt6xdWDvw:GO5h7hkREnyvo8QBuDNjfvD1/3vw
                                                                                                        MD5:8F4C0388762CD566EAE3261FF8E55D14
                                                                                                        SHA1:B6C5AA0BBFDDE8058ABFD06637F7BEE055C79F4C
                                                                                                        SHA-256:AAEFACDD81ADEEC7DBF9C627663306EF6B8CDCDF8B66E0F46590CAA95CE09650
                                                                                                        SHA-512:1EF4D8A9D5457AF99171B0D70A330B702E275DCC842504579E24FC98CC0B276F8F3432782E212589FC52AA93BBBC00A236FE927BE0D832DD083E8F5EBDEB67C2
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Java jmod module version 1.0
                                                                                                        Category:dropped
                                                                                                        Size (bytes):41127
                                                                                                        Entropy (8bit):7.961466748192397
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:L0xH2Z5C7/c8GqFsHWShYYptTpmPSB4gTQSq4Yz1jHoAsbjX:wxH66/crqiH3tTVTsSVYz1jIAsfX
                                                                                                        MD5:D039093C051B1D555C8F9B245B3D7FA0
                                                                                                        SHA1:C81B0DAEDAB28354DEA0634B9AE9E10EE72C4313
                                                                                                        SHA-256:4A495FC5D119724F7D40699BB5D2B298B0B87199D09129AEC88BBBDBC279A68D
                                                                                                        SHA-512:334FD85ACE22C90F8D4F82886EEF1E6583184369A031DCEE6E0B6624291F231D406A2CEC86397C1B94D535B36A5CF7CB632BB9149B8518B794CBFA1D18A2478F
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Java jmod module version 1.0
                                                                                                        Category:dropped
                                                                                                        Size (bytes):113725
                                                                                                        Entropy (8bit):7.928841651831531
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3072:6jB5A+VPT8IdtpHAUfEzhLpIrxbt2rlnH6:6ZRTPHgU2pItshH6
                                                                                                        MD5:3A03EF8F05A2D0472AE865D9457DAB32
                                                                                                        SHA1:7204170A08115A16A50D5A06C3DE7B0ADB6113B1
                                                                                                        SHA-256:584D15427F5B0AC0CE4BE4CAA2B3FC25030A0CF292F890C6D3F35836BC97FA6D
                                                                                                        SHA-512:1702C6231DAAB27700160B271C3D6171387F89DA0A97A3725B4B9D404C94713CB09BA175DE8E78A8F0CBD8DD0DD73836A38C59CE8D1BD38B4F57771CF9536E77
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Java jmod module version 1.0
                                                                                                        Category:dropped
                                                                                                        Size (bytes):896846
                                                                                                        Entropy (8bit):7.923431656723031
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:3xz+ej0yUGnip25kAyyrAm0G4hcpbLIWFWb4YNlgWUz4u5cnLXlAVz/Q+9Ec8zCU:3cZpcryy8mp4hpSxWUQuV//yDXX
                                                                                                        MD5:C6FBB7D49CAA027010C2A817D80CA77C
                                                                                                        SHA1:4191E275E1154271ABF1E54E85A4FF94F59E7223
                                                                                                        SHA-256:1C8D9EFAEB087AA474AD8416C3C2E0E415B311D43BCCA3B67CBF729065065F09
                                                                                                        SHA-512:FDDC31FA97AF16470EA2F93E3EF206FFB217E4ED8A5C379D69C512652987E345CB977DB84EDA233B190181C6E6E65C173062A93DB3E6BB9EE7E71472C9BBFE34
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):639224
                                                                                                        Entropy (8bit):6.219852228773659
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:FgLcjQQPKZZK8aF4yBj3Fnx4DMDO8jalo:FggjQKuyDnxvOYaC
                                                                                                        MD5:01DACEA3CBE5F2557D0816FC64FAE363
                                                                                                        SHA1:566064A9CB1E33DB10681189A45B105CDD504FD4
                                                                                                        SHA-256:B4C96B1E5EEE34871D9AB43BCEE8096089742032C0669DF3C9234941AAC3D502
                                                                                                        SHA-512:C22BFE54894C26C0BD8A99848B33E1B9A9859B3C0C893CB6039F9486562C98AA4CEAB0D28C98C1038BD62160E03961A255B6F8627A7B2BB51B86CC7D6CBA9151
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...D..D..D.....D.1J...D...@..D...G..D...A..D...E..D..E..D...E..D..E.O.D...A..D...D..D......D.....D...F..D.Rich..D.........PE..d.....-a.........." ...............................................................E..... .....................................................,.......@....p..xK..................`...T.......................(.......................(............................text............................... ..`.rdata..H=.......>..................@..@.data....H... ...@..................@....pdata..xK...p...L...J..............@..@.rsrc...@...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):98224
                                                                                                        Entropy (8bit):6.452201564717313
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                                                                        MD5:F34EB034AA4A9735218686590CBA2E8B
                                                                                                        SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                                                                        SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                                                                        SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d...%|.a.........." .........`......p................................................{....`A.........................................B..4....J...............p..X....X...'..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37256
                                                                                                        Entropy (8bit):6.297533243519742
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                                                                        MD5:135359D350F72AD4BF716B764D39E749
                                                                                                        SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                                                                        SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                                                                        SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D_.O.>...>...>...N...>..RK...>...F^..>...>..1>..RK...>..RK...>..RK...>..RK...>..RK2..>..RK...>..Rich.>..........................PE..d...)|.a.........." .....:...6......`A....................................................`A.........................................l.......m..x....................n...#......<...(b..T............................b..8............P..X............................text...e9.......:.................. ..`.rdata.. "...P...$...>..............@..@.data... ............b..............@....pdata...............d..............@..@.rsrc................h..............@..@.reloc..<............l..............@..B................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):53576
                                                                                                        Entropy (8bit):6.371750593889357
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:ij2SSS5nVoSiH/pOfv3Q3cY37Hx1nI6q:GhSSntiH/pOfvAf3
                                                                                                        MD5:E1EEBD44F9F4B52229D6E54155876056
                                                                                                        SHA1:052CEA514FC3DA5A23DE6541F97CD4D5E9009E58
                                                                                                        SHA-256:D96F2242444A334319B4286403D4BFADAF3F9FCCF390F3DD40BE32FB48CA512A
                                                                                                        SHA-512:235BB9516409A55FE7DDB49B4F3179BDCA406D62FD0EC1345ACDDF032B0F3F111C43FF957D4D09AD683D39449C0FFC4C050B387507FADF5384940BD973DAB159
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*.<.K.o.K.o.K.o.3.o.K.oK7.n.K.oK7so.K.oK7.n.K.oK7.n.K.oK7.n.K.o'9.n.K.o.K.o.K.o,6.n.K.o,6.n.K.o,6qo.K.o.K.o.K.o,6.n.K.oRich.K.o........PE..d....Q............" ...#.b...J.......f............................................../.....`............................................X...(...........................H'......8.......p...........................P...@...............@............................text...ha.......b.................. ..`.rdata..P,...........f..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..8...........................@..B........................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):144200
                                                                                                        Entropy (8bit):6.592048391646652
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:GjxOs8gLeu4iSssNiTh9Yks32X3KqVy5SmBolzXfqLROJA0o1ZXMvr7Rn6dheIOI:I34iDsG5vm4bfqFKoDmr7h2MHTtwV6K
                                                                                                        MD5:3A0DBC5701D20AA87BE5680111A47662
                                                                                                        SHA1:BC581374CA1EBE8565DB182AC75FB37413220F03
                                                                                                        SHA-256:D53BC4348AD6355C20F75ED16A2F4F641D24881956A7AE8A0B739C0B50CF8091
                                                                                                        SHA-512:4740945606636C110AB6C365BD1BE6377A2A9AC224DE6A79AA506183472A9AD0641ECC63E5C5219EE8097ADEF6533AB35E2594D6F8A91788347FDA93CDB0440E
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...&............P....................................................`... ......................................0..|....@..8....p..................H'......................................(....................A..p............................text...............................`..`.data...............................@....rdata...W.......X..................@..@.pdata..............................@..@.xdata..............................@..@.bss......... ...........................edata..|....0......................@..@.idata..8....@......................@....CRT....X....P......................@....tls.........`......................@....rsrc........p......................@....reloc..............................@..B................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {C1CE6CFA-C174-4027-92C4-1BDA03096B6B}, Number of Words: 10, Subject: Strave App, Author: Triaox Completely Solutions, Name of Creating Application: Strave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Strave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Dec 28 14:18:55 2024, Last Saved Time/Date: Sat Dec 28 14:18:55 2024, Last Printed: Sat Dec 28 14:18:55 2024, Number of Pages: 450
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60720930
                                                                                                        Entropy (8bit):7.21483546972935
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:786432:ZrBnuVmrjV7eIAtenOTZboh7Da0HZRfibtgjqp82/3lO:ZrgVmrjV7eIvnOTZbca0qbtgjqX/3lO
                                                                                                        MD5:314486685F91F6B02313D1AD18919B2E
                                                                                                        SHA1:0E5445E6A68CB5349DFE731C2647764B0224D20D
                                                                                                        SHA-256:1C041D279CADCC4EC2AB42E16D52ED0D67A49E78B9F2006361FBB49FD405EF2E
                                                                                                        SHA-512:83F58806B034D35A2D32A13ED0E8C8AC2F0BCC39D5A69D221316B23662EEF796184E8EB062AF5A479DAB62A836011A4EE72F317FFEE9B2A55674DA7CABDE96DE
                                                                                                        Malicious:false
                                                                                                        Preview:......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)...*...................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {C1CE6CFA-C174-4027-92C4-1BDA03096B6B}, Number of Words: 10, Subject: Strave App, Author: Triaox Completely Solutions, Name of Creating Application: Strave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Strave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Dec 28 14:18:55 2024, Last Saved Time/Date: Sat Dec 28 14:18:55 2024, Last Printed: Sat Dec 28 14:18:55 2024, Number of Pages: 450
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60720930
                                                                                                        Entropy (8bit):7.21483546972935
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:786432:ZrBnuVmrjV7eIAtenOTZboh7Da0HZRfibtgjqp82/3lO:ZrgVmrjV7eIvnOTZbca0qbtgjqX/3lO
                                                                                                        MD5:314486685F91F6B02313D1AD18919B2E
                                                                                                        SHA1:0E5445E6A68CB5349DFE731C2647764B0224D20D
                                                                                                        SHA-256:1C041D279CADCC4EC2AB42E16D52ED0D67A49E78B9F2006361FBB49FD405EF2E
                                                                                                        SHA-512:83F58806B034D35A2D32A13ED0E8C8AC2F0BCC39D5A69D221316B23662EEF796184E8EB062AF5A479DAB62A836011A4EE72F317FFEE9B2A55674DA7CABDE96DE
                                                                                                        Malicious:false
                                                                                                        Preview:......................>............................................2..................................................................x...............................................................................................................................................%...&...'...(...)...*...................................................Z"..."..E#..F#..G#..H#..I#..J#..K#..L#..M#..N#..O#..P#..Q#..R#..S#..T#..U#...+...+...,...,...,...,...,...,...,..-0...0../0..00...2...2...2...2...2...2...2...2..............d...........................8...............B................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-...7.../...0...1...2...3...4...5...6.......9...M...:...;...<...=...>...?...@...A...D...C...J...E...F...G...H...I...X...K...L...e...N...O...P...Q...R...S...T...U...V...W...("..""..Z...[...\...]...^..._...`...a...b...c.......~...f...g...h...i...j...k...l...m...n...o...p...q...r.......t...u...v...w...x...y...z...
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1021792
                                                                                                        Entropy (8bit):6.608727172078022
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                        MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                        SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                        SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                        SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1021792
                                                                                                        Entropy (8bit):6.608727172078022
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                        MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                        SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                        SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                        SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1021792
                                                                                                        Entropy (8bit):6.608727172078022
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                        MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                        SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                        SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                        SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1021792
                                                                                                        Entropy (8bit):6.608727172078022
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                        MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                        SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                        SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                        SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1201504
                                                                                                        Entropy (8bit):6.4557937684843365
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:W4FsQxRqkY1ngOktwC2Tec+4VGWSlnH/YrjPWeTIUGVUrHtAkJMsFUh29BKjxw:D2QxNwCsec+4VGWSlnfYvO3UGVUrHtAg
                                                                                                        MD5:E83D774F643972B8ECCDB3A34DA135C5
                                                                                                        SHA1:A58ECCFB12D723C3460563C5191D604DEF235D15
                                                                                                        SHA-256:D0A6F6373CFB902FCD95BC12360A9E949F5597B72C01E0BD328F9B1E2080B5B7
                                                                                                        SHA-512:CB5FF0E66827E6A1FA27ABDD322987906CFDB3CDB49248EFEE04D51FEE65E93B5D964FF78095866E197448358A9DE9EC7F45D4158C0913CBF0DBD849883A6E90
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............@G..@G..@G.yCF..@G.yEF..@G.|CF..@G.|DF..@G.|EF..@G.yDF..@G.yAF..@G..AG..@G.}IF..@G.}@F..@G.}.G..@G...G..@G.}BF..@GRich..@G........PE..L...'.$g.........."!...).~..........Pq.......................................`......0.....@A........................ ...t...............................`=.......l......p........................... ...@...............L............................text...J}.......~.................. ..`.rdata...;.......<..................@..@.data...............................@....fptable............................@....rsrc...............................@..@.reloc...l.......n..................@..B........................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1021792
                                                                                                        Entropy (8bit):6.608727172078022
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                        MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                        SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                        SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                        SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1021792
                                                                                                        Entropy (8bit):6.608727172078022
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
                                                                                                        MD5:EE09D6A1BB908B42C05FD0BEEB67DFD2
                                                                                                        SHA1:1EB7C1304B7BCA649C2A5902B18A1EA57CEAA532
                                                                                                        SHA-256:7BBF611F5E2A16439DC8CD11936F6364F6D5CC0044545C92775DA5646AFC7752
                                                                                                        SHA-512:2DD2E4E66D2F2277F031C5F3C829A31C3B29196AB27262C6A8F1896A2113A1BE1687C9E8CD9667B89157F099DFB969EF14AE3EA602D4C772E960BC41D39C3D05
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L.....$g.........."!...).....`...... ........ ...........................................@A............................L...,...@....................Z..`=......\....K..p....................L...... K..@............ ...............................text............................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):380520
                                                                                                        Entropy (8bit):6.512348002260683
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:ZSXJmYiFGLzkhEFeCPGi5B8dZ6t+6bUSfcqKgAST:ZSXJ9khElPGvcttbxpAST
                                                                                                        MD5:FFDAACB43C074A8CB9A608C612D7540B
                                                                                                        SHA1:8F054A7F77853DE365A7763D93933660E6E1A890
                                                                                                        SHA-256:7484797EA4480BC71509FA28B16E607F82323E05C44F59FFA65DB3826ED1B388
                                                                                                        SHA-512:A9BD31377F7A6ECF75B1D90648847CB83D8BD65AD0B408C4F8DE6EB50764EEF1402E7ACDFF375B7C3B07AC9F94184BD399A10A22418DB474908B5E7A1ADFE263
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^..?{..?{..?{..x..?{..~..?{...x..?{......?{...~..?{.....?{..z..?{..?z..>{..r..?{..{..?{....?{..?.?{..y..?{.Rich.?{.........PE..L...>.$g.........."!...)..................... .......................................'....@A........................@3..X....3.......... ...............h:.......6..@...p...............................@............ ..(............................text...J........................... ..`.rdata...$... ...&..................@..@.data....!...P......................@....fptable.............@..............@....rsrc... ............B..............@..@.reloc...6.......8...\..............@..B........................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):216009
                                                                                                        Entropy (8bit):4.956600223170726
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:aq6H9WTo1Z0Ceau0a/r3NLZZOjjDcC7uFFy9Z8YJNs9Z7E9ykK1:adH9D1Z0vZXJZYDFufyXbJNCca
                                                                                                        MD5:C4BF67C34FBB367539B093CC7A10F88A
                                                                                                        SHA1:573576292E90B3C3E681B33BFD379FE431E83E55
                                                                                                        SHA-256:FB6D1D84D55B313F6B84BBE1FA54AAE125F97B5A1758EF17ED1D7599F5B98A90
                                                                                                        SHA-512:7473B1BCB8E5E377131251FA790697686CE3D4ED8EA68CCED1F0F47AA9F21832CBD5F37ED87DE9A0C734C5C017B20D8F1C1535EAB4E7EFFC020B58416B2B5112
                                                                                                        Malicious:false
                                                                                                        Preview:...@IXOS.@.....@.5.Y.@.....@.....@.....@.....@.....@......&.{E9B95379-39C0-4003-BD36-AF035097CDF9}..Strave App..setup.msi.@.....@.....@.....@......icon_24.exe..&.{C1CE6CFA-C174-4027-92C4-1BDA03096B6B}.....@.....@.....@.....@.......@.....@.....@.......@......Strave App......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@3....@.....@.]....&.{F39C344E-A83E-4760-8DA8-F27602095B4F}G.C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\.@.......@.....@.....@......&.{BC83E781-7DE2-47A8-97C3-2E6CC9BCAD82};.21:\Software\Triaox Completely Solutions\Strave App\Version.@.......@.....@.....@......&.{279C32E3-A00A-4513-9A8B-D3984A41A6FB}P.C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\utest.dll.@.......@.....@.....@......&.{B61B35E4-8BE1-4171-B69B-E2423CE9179F}W.C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\vcruntime140.dll.@
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):787808
                                                                                                        Entropy (8bit):6.693392695195763
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:aE33f8zyjmfyY43pNRmkL7mh0lhSMXlEeGXDMGz+:L3fSyjmfyY43pNRp7T0eGwGz+
                                                                                                        MD5:8CF47242B5DF6A7F6D2D7AF9CC3A7921
                                                                                                        SHA1:B51595A8A113CF889B0D1DD4B04DF16B3E18F318
                                                                                                        SHA-256:CCB57BDBB19E1AEB2C8DD3845CDC53880C1979284E7B26A1D8AE73BBEAF25474
                                                                                                        SHA-512:748C4767D258BFA6AD2664AA05EF7DC16F2D204FAE40530430EF5D1F38C8F61F074C6EC6501489053195B6B6F6E02D29FDE970D74C6AE97649D8FE1FD342A288
                                                                                                        Malicious:false
                                                                                                        Antivirus:
                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m..m..m.'n..m.'h.q.m.'i..m.."i..m.."n..m.."h..m.'l..m..l..m.#d..m.#m..m.#...m.....m.#o..m.Rich.m.........PE..L.....$g.........."!...).....4............................................... ............@A........................@J.......J..........................`=......4`...~..p........................... ~..@............................................text............................... ..`.rdata..Z...........................@..@.data...D-...`.......B..............@....fptable.............^..............@....rsrc................`..............@..@.reloc..4`.......b...f..............@..B........................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20480
                                                                                                        Entropy (8bit):1.1621313663647939
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:JSbX72FjRIAGiLIlHVRpMh/7777777777777777777777777vDHFRQRp3Xl0i8Q:JUQI5cEf6F
                                                                                                        MD5:CCA7DB3DB38C39477845F57AE79CC6E8
                                                                                                        SHA1:53DD7CAAA1A3C539364DF4A042F77F81E5AA0D6E
                                                                                                        SHA-256:FD87CF8E014780A5550CA0C37DC3410ED4DFA14A311EDCEC7D242712CFAC6D79
                                                                                                        SHA-512:1B1434A6908661E18F8386ECCFF3FE52B2324110812721A06459401D78486B74B9FE71587A864994BADDA1A1E2E6407A462E78D778F3AA2E1E6326AA3D75C4A2
                                                                                                        Malicious:false
                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):20480
                                                                                                        Entropy (8bit):1.5889588052816723
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:98PhhuRc06WXJ8FT5yCh8lyAErCyKSq8l5fEMUXm8lQSq8lIT4B:ghh1fFTBEwChusXC+
                                                                                                        MD5:A69395B384758C610938D04CE45506F9
                                                                                                        SHA1:A534996608522495C021F8AD614711EDB2A6516B
                                                                                                        SHA-256:115C86948A449E2B95057CB25BF256F11591BA8B4FB0B8F7724BCA8C4EB64A34
                                                                                                        SHA-512:145621E5D12CBB7CE1F25B527807662DDD7F522F2471F7EE6976EBCFD5A7DF6271D19C3C5F71D2CDE90BD2DD82137ED54546C12AF1EB9851240E88A0CBC9CACF
                                                                                                        Malicious:false
                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):364484
                                                                                                        Entropy (8bit):5.365505694915575
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauZ:zTtbmkExhMJCIpEe
                                                                                                        MD5:2F38DFEDA6E135B5793F457F8848C52A
                                                                                                        SHA1:3C6CC76E57BBEDD501CA6300F05C4D2299754BA1
                                                                                                        SHA-256:D1C3785DD96C026DD832BEEB6E79CECE6A85315E1A33F2B1C519D40E4E1C9D7A
                                                                                                        SHA-512:B8524674A2BA0D51C02622E93763C90A18B0B8BAF0B12C0934E568B7DB33FC64F088822E7F3D13F3483ADD9747587EA032CC83523C342BF77196F45D1BBBA855
                                                                                                        Malicious:false
                                                                                                        Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                        Process:C:\Windows\System32\msiexec.exe
                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                        Category:dropped
                                                                                                        Size (bytes):32768
                                                                                                        Entropy (8bit):1.271083905972041
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:FuZu7O+CFXJxT5EV0Ch8lyAErCyKSq8l5fEMUXm8lQSq8lIT4B:QZfJTuVJEwChusXC+
                                                                                                        MD5:1976DC3C1AC15F671BC3E5A58FB878B7
                                                                                                        SHA1:15C61AE885D14F6BAE698728DF0AC52A6E861792
                                                                                                        SHA-256:2EC3E27F527BB6C451A65F1C53B20AD602FA51B0AB35BEF9D43E894489C17E88
                                                                                                        SHA-512:A432BBAD7B6EAF9B5A67107CC38D6538E6D5E9D888725B573506943C6BA67B5DCCFA9E36AC01FD2FF918EAF893FCE189A5C6DE8374841EE3E2D41C75313374EC
                                                                                                        Malicious:false
                                                                                                        Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Windows\System32\msiexec.exe
File Type: Composite Document File V2 Document, Cannot read section info
Category: dropped
Size (bytes): 20480
Entropy (8bit): 1.5889588052816723
Encrypted: false
SSDEEP: 48:98PhhuRc06WXJ8FT5yCh8lyAErCyKSq8l5fEMUXm8lQSq8lIT4B:ghh1fFTBEwChusXC+
MD5: A69395B384758C610938D04CE45506F9
SHA1: A534996608522495C021F8AD614711EDB2A6516B
SHA-256: 115C86948A449E2B95057CB25BF256F11591BA8B4FB0B8F7724BCA8C4EB64A34
SHA-512: 145621E5D12CBB7CE1F25B527807662DDD7F522F2471F7EE6976EBCFD5A7DF6271D19C3C5F71D2CDE90BD2DD82137ED54546C12AF1EB9851240E88A0CBC9CACF
Malicious: false
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 512
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3::
MD5: BF619EAC0CDF3F68D496EA9344137E8B
SHA1: 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256: 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512: DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious: false
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 73728
Entropy (8bit): 0.1466931757416107
Encrypted: false
SSDEEP: 48:FBtT28lQSq8lV8lyAErCyKSq8l5fEMUXB7:FSLwChusXB
MD5: 214E07BD405587DF24FFDA8434DAAB25
SHA1: BFB92A67E3D6CBA01AC8EDCFE086FE9D443EE6A9
SHA-256: 739C352543891A03BB538EE93276C333F4F57DCCDF98B94CDDBF021252FF5B5D
SHA-512: C7082F9E981D2855E945780F6A091F00B68490B88DF373741869CD478C6B4DC8698EB7126CE838B9A3DD6FBA78DEE7F879964039BD851FA81382753297176729
Malicious: false
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.06926978780718487
Encrypted: false
SSDEEP: 6:2/9LG7iVCnLG7iVrKOzPLHKORXgDeFyVky6l3X:2F0i8n0itFzDHFRQQ3X
MD5: 3F7FA7E062CFE5554AA719A6F5A7D7E1
SHA1: D83D207862CFC4F50D633CBDAA561E92BF21AD23
SHA-256: 21E632A62E8EAD57DDF1B881E9330FE13785407C431792AA9EA59F7A7884088A
SHA-512: A438F2A84D81C8B26E849AEE91F1B78575762D5DFE398706C0C234C78F358133BF25C8B9C31CCC5A62A42F2919C8FB703346E1660E6994152EF274DBEC4F15D7
Malicious: false
Process: C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 638
Entropy (8bit): 4.751962275036146
Encrypted: false
SSDEEP: 12:ku/L92WF4gx9l+jsPczo/CdaD0gwiSrlEX6OPkRVdoaQLeU4wv:ku/h5F4Bs0oCdalwisCkRVKVeU4wv
MD5: 15CA959638E74EEC47E0830B90D0696E
SHA1: E836936738DCB6C551B6B76054F834CFB8CC53E5
SHA-256: 57F2C730C98D62D6C84B693294F6191FD2BEC7D7563AD9963A96AE87ABEBF9EE
SHA-512: 101390C5D2FA93162804B589376CF1E4A1A3DD4BDF4B6FE26D807AFC3FF80DA26EE3BAEB731D297A482165DE7CA48508D6EAA69A5509168E9CEF20B4A88A49FD
Malicious: false
Preview: [createdump] createdump [options] pid..-f, --name - dump path and file name. The default is '%TEMP%\dump.%p.dmp'. These specifiers are substituted with following values:.. %p PID of dumped process... %e The process executable filename... %h Hostname return by gethostname()... %t Time of dump, expressed as seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC)...-n, --normal - create minidump...-h, --withheap - create minidump with heap (default)...-t, --triage - create triage minidump...-u, --full - create full core dump...-d, --diag - enable diagnostic messages...-v, --verbose - enable verbose diagnostic messages...
File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {C1CE6CFA-C174-4027-92C4-1BDA03096B6B}, Number of Words: 10, Subject: Strave App, Author: Triaox Completely Solutions, Name of Creating Application: Strave App, Template: x64;2057, Comments: This installer database contains the logic and data required to install Strave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sat Dec 28 14:18:55 2024, Last Saved Time/Date: Sat Dec 28 14:18:55 2024, Last Printed: Sat Dec 28 14:18:55 2024, Number of Pages: 450
Entropy (8bit): 7.21483546972935
TrID:
• Windows SDK Setup Transform Script (63028/2) 88.73%
• Generic OLE2 / Multistream Compound File (8008/1) 11.27%
File name: setup.msi
File size: 60'720'930 bytes
MD5: 314486685f91f6b02313d1ad18919b2e
SHA1: 0e5445e6a68cb5349dfe731c2647764b0224d20d
SHA256: 1c041d279cadcc4ec2ab42e16d52ed0d67a49e78b9f2006361fbb49fd405ef2e
SHA512: 83f58806b034d35a2d32a13ed0e8c8ac2f0bcc39d5a69d221316b23662eef796184e8eb062af5a479dab62a836011a4ee72f317ffee9b2a55674da7cabde96de
SSDEEP: 786432:ZrBnuVmrjV7eIAtenOTZboh7Da0HZRfibtgjqp82/3lO:ZrgVmrjV7eIvnOTZbca0qbtgjqX/3lO
TLSH: F5D76C01B3FA4148F2F75EB17EBA85A5947ABD521B30C0EF1244A60E1B71BC25BB1763
                                                                                                        File Content Preview:........................>............................................2..................................................................x......................................................................................................................
                                                                                                        Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-31T12:47:58.006424+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 45.77.249.79 | 443 | 192.168.2.5 | 49704 | TCP
2024-12-31T12:47:58.010727+0100 | 2829202 | ETPRO MALWARE MSIL/Zbrain PUP/Stealer Installer UA | 1 | 192.168.2.5 | 49704 | 45.77.249.79 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 31, 2024 12:47:55.983679056 CET | 51563 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 12:47:56.652419090 CET | 53 | 51563 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 31, 2024 12:47:55.983679056 CET | 192.168.2.5 | 1.1.1.1 | 0x8901 | Standard query (0) | kikoschmidt.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 31, 2024 12:47:56.652419090 CET | 1.1.1.1 | 192.168.2.5 | 0x8901 | No error (0) | kikoschmidt.com | | 45.77.249.79 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 12:47:56.652419090 CET | 1.1.1.1 | 192.168.2.5 | 0x8901 | No error (0) | kikoschmidt.com | | 178.62.201.34 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 12:47:56.652419090 CET | 1.1.1.1 | 192.168.2.5 | 0x8901 | No error (0) | kikoschmidt.com | | 104.131.68.180 | A (IP address) | IN (0x0001) | false

• kikoschmidt.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 45.77.249.79 | 443 | 2452 | C:\Windows\SysWOW64\msiexec.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-31 11:47:58 UTC | 193 | OUT | POST /updater.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded; charset=utf-8
    User-Agent: AdvancedInstaller
    Host: kikoschmidt.com
    Content-Length: 71
    Cache-Control: no-cache
2024-12-31 11:47:58 UTC | 71 | OUT | Data Raw: 44 61 74 65 3d 33 31 25 32 46 31 32 25 32 46 32 30 32 34 26 54 69 6d 65 3d 30 36 25 33 41 34 37 25 33 41 35 34 26 42 75 69 6c 64 56 65 72 73 69 6f 6e 3d 38 2e 39 2e 39 26 53 6f 72 6f 71 56 69 6e 73 3d 54 72 75 65
    Data Ascii: Date=31%2F12%2F2024&Time=06%3A47%3A54&BuildVersion=8.9.9&SoroqVins=True
2024-12-31 11:47:58 UTC | 94 | IN | HTTP/1.1 200 OK
    Date: Tue, 31 Dec 2024 11:47:58 GMT
    Content-Length: 0
    Connection: close
                                                                                                        Target ID:0
                                                                                                        Start time:06:47:44
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
                                                                                                        Imagebase:0x7ff65d8d0000
                                                                                                        File size:69'632 bytes
                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:1
                                                                                                        Start time:06:47:44
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                        Imagebase:0x7ff65d8d0000
                                                                                                        File size:69'632 bytes
                                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:3
                                                                                                        Start time:06:47:47
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E7FCD295C1DCFE14718D81B356B76280
                                                                                                        Imagebase:0x260000
                                                                                                        File size:59'904 bytes
                                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:4
                                                                                                        Start time:06:47:57
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssE011.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiE00E.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scrE00F.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrE010.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                                                        Imagebase:0xe0000
                                                                                                        File size:433'152 bytes
                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:5
                                                                                                        Start time:06:47:57
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:7
                                                                                                        Start time:06:48:05
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe""
                                                                                                        Imagebase:0x7ff6e9ce0000
                                                                                                        File size:289'792 bytes
                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:8
                                                                                                        Start time:06:48:05
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\createdump.exe"
                                                                                                        Imagebase:0x7ff66d580000
                                                                                                        File size:57'488 bytes
                                                                                                        MD5 hash:71F796B486C7FAF25B9B16233A7CE0CD
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                        Reputation:moderate
                                                                                                        Has exited:true

                                                                                                        Target ID:9
                                                                                                        Start time:06:48:05
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:10
                                                                                                        Start time:06:48:05
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:11
                                                                                                        Start time:06:48:05
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Triaox Completely Solutions\Strave App\obs-ffmpeg-mux.exe"
                                                                                                        Imagebase:0x7ff799a00000
                                                                                                        File size:35'656 bytes
                                                                                                        MD5 hash:D3CAC4D7B35BACAE314F48C374452D71
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:12
                                                                                                        Start time:06:48:05
                                                                                                        Start date:31/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Has exited:true

                                                                                                        No disassembly