Edit tour

Windows Analysis Report
3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Overview

General Information

Sample name:	3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe renamed because original name is a hash value
Original sample name:	3_.pdf.exe
Analysis ID:	1385428
MD5:	075d6c122274cb9226521d3cd298f2f2
SHA1:	6f54d70f39fa28596ef90bfcb0c14278b016db1b
SHA256:	92192af947017c20ad861faf4459fb705e63f7083b34c77c1727891b88091573
Tags:	exeRemoteUtilitiesrurat
Infos:

Detection

RMSRemoteAdmin, Remote Utilities

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Remote Utilities RAT

Detected unpacking (overwrites its own PE header)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: Suspicious Double Extension File Execution

Connects to many ports of the same IP (likely port scanning)

Initial sample is a PE file and has a suspicious name

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses an obfuscated file name to hide its real file extension (double extension)

AV process strings found (often used to terminate AV products)

Checks for available system drives (often done to infect USB drives)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Extensive use of GetProcAddress (often used to hide API calls)

File is packed with WinRar

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries the installation date of Windows

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Stores large binary data to the registry

Tries to load missing DLLs

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected RMS RemoteAdmin tool

Yara signature match

Classification

Process Tree

System is w10x64

3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe (PID: 7316 cmdline: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe MD5: 075D6C122274CB9226521D3CD298F2F2)

msiexec.exe (PID: 7416 cmdline: "C:\Windows\System32\msiexec.exe" /i Exel.msi /qn MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7448 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7528 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9 MD5: 9D09DC1EDA745A5F87553048E57620CF)

rfusclient.exe (PID: 7600 cmdline: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi MD5: 6AAE165F3B1575DB887A0370CFC80083)

rutserv.exe (PID: 7640 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall MD5: 652C2A693B333504A3879460D0AF7224)

rutserv.exe (PID: 7676 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall MD5: 652C2A693B333504A3879460D0AF7224)

rutserv.exe (PID: 7772 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start MD5: 652C2A693B333504A3879460D0AF7224)

rutserv.exe (PID: 7876 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service MD5: 652C2A693B333504A3879460D0AF7224)

rutserv.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall MD5: 652C2A693B333504A3879460D0AF7224)

rfusclient.exe (PID: 8048 cmdline: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe MD5: 6AAE165F3B1575DB887A0370CFC80083)

rfusclient.exe (PID: 5016 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray MD5: 6AAE165F3B1575DB887A0370CFC80083)

rfusclient.exe (PID: 8068 cmdline: "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray MD5: 6AAE165F3B1575DB887A0370CFC80083)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	MALWARE_Win_RemoteUtilitiesRAT	RemoteUtilitiesRAT RAT payload	ditekSHen	0x39d3a4:$s1: rman_message 0x405be0:$s3: rms_host_ 0x40657c:$s3: rms_host_ 0x7a410c:$s4: rman_av_capture_settings 0x3a76cc:$s7: _rms_log.txt 0x45d27c:$s8: rms_internet_id_settings
C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	MALWARE_Win_RemoteUtilitiesRAT	RemoteUtilitiesRAT RAT payload	ditekSHen	0x3a02f0:$s1: rman_message 0x431f3c:$s3: rms_host_ 0x4328e0:$s3: rms_host_ 0x7d1f30:$s4: rman_av_capture_settings 0x83a260:$s5: rman_registry_key 0x83a2ac:$s5: rman_registry_key 0x4e5a1c:$s6: rms_system_information 0x2e6274:$s7: _rms_log.txt 0x4a5efc:$s8: rms_internet_id_settings

Memory Dumps

Source	Rule	Description	Author
00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
Process Memory Space: rfusclient.exe PID: 7600	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
Process Memory Space: rutserv.exe PID: 7640	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
Process Memory Space: rutserv.exe PID: 7876	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.0.rfusclient.exe.650000.0.unpack	JoeSecurity_RMSRemoteAdmin	Yara detected RMS RemoteAdmin tool	Joe Security
4.0.rfusclient.exe.650000.0.unpack	MALWARE_Win_RemoteUtilitiesRAT	RemoteUtilitiesRAT RAT payload	ditekSHen	0x39d3a4:$s1: rman_message 0x405be0:$s3: rms_host_ 0x40657c:$s3: rms_host_ 0x7a410c:$s4: rman_av_capture_settings 0x3a76cc:$s7: _rms_log.txt 0x45d27c:$s8: rms_internet_id_settings

Sigma Signatures

System Summary

Sigma detected: Suspicious Double Extension File Execution

Source: Process started

Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, CommandLine: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, NewProcessName: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, OriginalFileName: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, ProcessId: 7316, ProcessName: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 101.99.94.54, DestinationIsIpv6: false, DestinationPort: 465, EventID: 3, Image: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Initiated: true, ProcessId: 7876, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49736

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Virustotal: Detection: 28%

Perma Link

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002690 CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11017100 DES_ecb_encrypt,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002120 CRYPTO_set_mem_ex_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103A120 BN_BLINDING_create_param,CRYPTO_malloc,ERR_put_error,_memset,BN_dup,CRYPTO_THREADID_current,BN_new,BN_new,BN_free,BN_dup,BN_rand_range,BN_mod_inverse,ERR_peek_last_error,ERR_clear_error,BN_rand_range,ERR_put_error,BN_mod_exp,BN_BLINDING_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104C120 DSA_SIG_new,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108C120 ASN1_PCTX_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11046130 RSA_padding_add_PKCS1_OAEP_mgf1,EVP_sha1,EVP_MD_size,ERR_put_error,EVP_Digest,_memset,RAND_bytes,CRYPTO_malloc,PKCS1_MGF1,PKCS1_MGF1,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108E130 a2i_ASN1_ENUMERATED,BIO_gets,CRYPTO_malloc,CRYPTO_realloc,BIO_gets,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11019150 DES_ofb_encrypt,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11047150 RSA_padding_add_PKCS1_PSS_mgf1,EVP_MD_size,BN_num_bits,RSA_size,ERR_put_error,CRYPTO_malloc,ERR_put_error,ERR_put_error,RAND_bytes,EVP_MD_CTX_init,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_cleanup,PKCS1_MGF1,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104C150 DSA_SIG_free,BN_free,BN_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106E150 ERR_load_ERR_strings,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11068160 BIO_get_accept_socket,BIO_sock_init,BUF_strdup,DSO_global_lookup,DSO_global_lookup,BIO_get_port,htons,BIO_get_host_ip,htonl,socket,setsockopt,bind,WSAGetLastError,htonl,socket,connect,closesocket,closesocket,socket,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,ERR_put_error,ERR_add_error_data,ERR_put_error,listen,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,CRYPTO_free,closesocket,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C2160 ENGINE_add,ERR_put_error,CRYPTO_lock,ERR_put_error,CRYPTO_lock,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101F170 idea_cbc_encrypt,idea_encrypt,idea_encrypt,idea_encrypt,idea_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002180 CRYPTO_set_locked_mem_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E180 DSO_new_method,DSO_METHOD_openssl,CRYPTO_malloc,ERR_put_error,sk_new_null,ERR_put_error,CRYPTO_free,sk_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072180 EVP_EncryptUpdate,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107D180 EVP_PKEY_encrypt_init,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053190 EC_POINT_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110311A0 CRYPTO_gcm128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106F1A0 ERR_peek_last_error_line_data,ERR_get_state,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110811A0 ASN1_item_i2d_bio,ASN1_item_i2d,ERR_put_error,BIO_write,BIO_write,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110171B0 DES_cbc_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105B1B0 EC_KEY_get_key_method_data,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110021C0 CRYPTO_set_locked_mem_ex_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110511C0 BN_dup,BN_free,BN_dup,BN_free,CRYPTO_free,BUF_memdup,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110531C0 EC_POINT_clear_free,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110031D0 CRYPTO_dbg_realloc,CRYPTO_dbg_malloc,CRYPTO_is_mem_check_on,CRYPTO_mem_ctrl,lh_delete,lh_insert,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110721D0 EVP_EncryptFinal_ex,ERR_put_error,OpenSSLDie,ERR_put_error,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107F1D0 ASN1_UTCTIME_adj,ASN1_STRING_type_new,OPENSSL_gmtime,OPENSSL_gmtime_adj,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,CRYPTO_free,BIO_snprintf,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110801D0 BN_to_ASN1_INTEGER,ASN1_STRING_type_new,BN_num_bits,CRYPTO_realloc,ERR_put_error,ASN1_STRING_free,BN_bn2bin,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108F1D0 BIO_new_NDEF,CRYPTO_malloc,BIO_f_asn1,BIO_new,BIO_push,BIO_asn1_set_prefix,BIO_asn1_set_suffix,BIO_ctrl,BIO_free,CRYPTO_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110041E0 CRYPTO_lock,sk_num,sk_num,CRYPTO_get_ex_data,CRYPTO_set_ex_data,CRYPTO_malloc,sk_value,CRYPTO_lock,ERR_put_error,sk_num,sk_value,CRYPTO_set_ex_data,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110501F0 DH_free,CRYPTO_add_lock,ENGINE_finish,CRYPTO_free_ex_data,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,CRYPTO_free,BN_clear_free,BN_clear_free,BN_clear_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107D1F0 EVP_PKEY_encrypt,ERR_put_error,EVP_PKEY_size,ERR_put_error,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020000 BF_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053000 CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11082000 ASN1_item_digest,ASN1_item_i2d,EVP_Digest,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11086030 X509_CRL_METHOD_new,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11068040 BIO_get_host_ip,ERR_put_error,BIO_sock_init,CRYPTO_lock,gethostbyname,ERR_put_error,ERR_put_error,CRYPTO_lock,ERR_add_error_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11070040 OBJ_add_object,lh_new,OBJ_dup,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,ERR_put_error,CRYPTO_free,ASN1_OBJECT_free,lh_insert,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11083050 i2d_ASN1_TYPE,CRYPTO_malloc,i2d_ASN1_TYPE,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E060 RC2_cfb64_encrypt,RC2_encrypt,RC2_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053060 CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11004070 CRYPTO_get_ex_data,sk_num,sk_value,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11030070 CRYPTO_nistcts128_decrypt_block,CRYPTO_cbc128_decrypt,CRYPTO_cbc128_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023080 CAST_ofb64_encrypt,CAST_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11050080 DH_new_method,CRYPTO_malloc,ERR_put_error,DH_OpenSSL,ENGINE_init,ERR_put_error,CRYPTO_free,ENGINE_get_default_DH,X509_PURPOSE_get0_name,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,ENGINE_finish,CRYPTO_free_ex_data,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11080080 ASN1_INTEGER_set,CRYPTO_free,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11082080 ASN1_verify,EVP_MD_CTX_init,OBJ_obj2nid,OBJ_nid2sn,EVP_get_digestbyname,ERR_put_error,EVP_MD_CTX_cleanup,ERR_put_error,EVP_MD_CTX_cleanup,CRYPTO_malloc,ERR_put_error,EVP_DigestInit_ex,EVP_DigestUpdate,OPENSSL_cleanse,CRYPTO_free,EVP_VerifyFinal,EVP_MD_CTX_cleanup,ERR_put_error,EVP_MD_CTX_cleanup,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110020A0 CRYPTO_set_mem_functions,OPENSSL_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110040A0 CRYPTO_lock,sk_num,CRYPTO_malloc,sk_value,CRYPTO_lock,ERR_put_error,sk_num,sk_value,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110530A0 CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110310B0 CRYPTO_gcm128_aad,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108D0B0 EVP_PKEY_asn1_add_alias,CRYPTO_malloc,_memset,EVP_PKEY_asn1_add0,EVP_PKEY_asn1_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103F0C0 BN_MONT_CTX_free,BN_clear_free,BN_clear_free,BN_clear_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110810C0 ASN1_i2d_bio,CRYPTO_malloc,ERR_put_error,BIO_write,BIO_write,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110840D0 X509_PUBKEY_set0_param,X509_ALGOR_set0,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110030E0 CRYPTO_dbg_free,CRYPTO_is_mem_check_on,CRYPTO_mem_ctrl,lh_delete,CRYPTO_free,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110530E0 EC_POINT_new,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002300 CRYPTO_get_locked_mem_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11022300 CAST_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11067300 BIO_vprintf,CRYPTO_push_info_,CRYPTO_free,BIO_write,CRYPTO_free,BIO_write,CRYPTO_pop_info,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11086300 X509_INFO_free,CRYPTO_add_lock,X509_free,X509_CRL_free,X509_PKEY_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023310 AES_cfb1_encrypt,AES_encrypt,CRYPTO_cfb128_1_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11050310 DH_get_ex_new_index,CRYPTO_get_ex_new_index,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105F310 ECPKParameters_print,BN_CTX_new,EC_GROUP_get_asn1_flag,BIO_indent,ENGINE_get_pkey_asn1_meths,OBJ_nid2sn,BIO_printf,BIO_printf,EC_curve_nid2nist,BIO_indent,BIO_printf,pqueue_peek,X509_TRUST_get_flags,BN_new,BN_new,BN_new,BN_new,BN_new,EC_GROUP_get_curve_GF2m,EC_GROUP_get_curve_GFp,X509_TRUST_get_flags,EC_GROUP_get_order,EC_GROUP_get_cofactor,ENGINE_get_init_function,EC_POINT_point2bn,BN_num_bits,BN_num_bits,BN_num_bits,BN_num_bits,BN_num_bits,BN_num_bits,ENGINE_get_finish_function,EVP_MD_block_size,CRYPTO_malloc,BIO_indent,OBJ_nid2sn,BIO_printf,EC_GROUP_get_basis_type,BIO_indent,OBJ_nid2sn,BIO_printf,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ASN1_bn_print,ERR_put_error,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_CTX_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11039320 BN_set_word,CRYPTO_malloc,ERR_put_error,__time64,RAND_add,RAND_bytes,RAND_pseudo_bytes,BN_bin2bn,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104A320 RSA_public_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11057320 ERR_put_error,EC_POINT_set_to_infinity,BN_CTX_new,X509_TRUST_get_flags,ERR_put_error,EC_POINT_cmp,BN_num_bits,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,BN_num_bits,CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_put_error,CRYPTO_free,ERR_put_error,CRYPTO_free,EC_POINT_new,EC_POINT_new,EC_POINT_copy,EC_POINT_dbl,EC_POINT_add,EC_POINTs_make_affine,EC_POINT_dbl,EC_POINT_invert,EC_POINT_copy,EC_POINT_add,EC_POINT_set_to_infinity,EC_POINT_invert,ERR_put_error,BN_CTX_free,EC_POINT_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EC_POINT_clear_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104A330 RSA_private_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11081330 ASN1_ENUMERATED_set,CRYPTO_free,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11085330 X509_get_ex_new_index,CRYPTO_get_ex_new_index,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002340 CRYPTO_get_locked_mem_ex_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104A340 RSA_private_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11046340 RSA_padding_check_PKCS1_OAEP_mgf1,EVP_sha1,EVP_MD_size,CRYPTO_malloc,ERR_put_error,CRYPTO_malloc,PKCS1_MGF1,PKCS1_MGF1,EVP_Digest,CRYPTO_memcmp,ERR_put_error,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11093340 ASN1_STRING_TABLE_add,sk_new,ERR_put_error,ASN1_STRING_TABLE_get,CRYPTO_malloc,ERR_put_error,sk_push,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023350 AES_cfb8_encrypt,AES_encrypt,CRYPTO_cfb128_8_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11037350 CRYPTO_malloc,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E350 DSO_up_ref,ERR_put_error,CRYPTO_add_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11045350 RSA_verify_ASN1_OCTET_STRING,RSA_size,ERR_put_error,CRYPTO_malloc,ERR_put_error,RSA_public_decrypt,d2i_ASN1_OCTET_STRING,ERR_put_error,ASN1_STRING_free,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104A350 RSA_public_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C2350 ENGINE_finish,ERR_put_error,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,ERR_put_error,CRYPTO_lock,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106E360 ERR_clear_error,ERR_get_state,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E360 a2d_ASN1_OBJECT,ERR_put_error,BN_new,BN_set_word,BN_mul_word,BN_add_word,BN_add_word,BN_num_bits,CRYPTO_free,CRYPTO_malloc,BN_div_word,CRYPTO_free,BN_free,ERR_put_error,CRYPTO_free,BN_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107D360 EVP_PKEY_decrypt,ERR_put_error,EVP_PKEY_size,ERR_put_error,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002370 CRYPTO_get_mem_debug_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11004380 CRYPTO_lock,sk_num,CRYPTO_malloc,sk_value,CRYPTO_lock,CRYPTO_lock,sk_value,CRYPTO_lock,sk_num,sk_value,CRYPTO_free,sk_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107C380 EVP_PKEY_meth_new,CRYPTO_malloc,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023390 AES_ofb128_encrypt,AES_encrypt,CRYPTO_ofb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106F3A0 ERR_load_crypto_strings,ERR_load_BN_strings,ERR_load_RSA_strings,ERR_load_DH_strings,ERR_load_EVP_strings,ERR_load_BUF_strings,ERR_load_OBJ_strings,ERR_load_PEM_strings,ERR_load_DSA_strings,ERR_load_X509_strings,ERR_load_ASN1_strings,ERR_load_CONF_strings,ERR_load_CRYPTO_strings,ERR_load_COMP_strings,ERR_load_EC_strings,ERR_load_ECDSA_strings,ERR_load_ECDH_strings,ERR_load_BIO_strings,ERR_load_PKCS7_strings,ERR_load_X509V3_strings,ERR_load_PKCS12_strings,ERR_load_RAND_strings,ERR_load_DSO_strings,ERR_load_TS_strings,ERR_load_ENGINE_strings,ERR_load_OCSP_strings,ERR_load_UI_strings,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108E3A0 X509_PKEY_free,d2i_NETSCAPE_SPKAC,d2i_NETSCAPE_SPKAC,CRYPTO_add_lock,X509_ALGOR_free,ASN1_STRING_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110633B0 BIO_get_ex_new_index,CRYPTO_get_ex_new_index,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108F3B0 sk_num,BIO_write,sk_value,OBJ_obj2nid,OBJ_nid2sn,EVP_get_digestbyname,BIO_puts,CRYPTO_free,BIO_puts,BIO_puts,sk_num,BIO_puts,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110233C0 AES_ctr128_encrypt,AES_encrypt,CRYPTO_ctr128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F3C0 SEED_ecb_encrypt,SEED_encrypt,SEED_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106A3C0 sk_new,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110023D0 CRYPTO_malloc_locked,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110303E0 CRYPTO_nistcts128_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110373E0 BN_clear_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110413E0 BN_GF2m_mod_solve_quad,BN_num_bits,CRYPTO_malloc,BN_GF2m_poly2arr,BN_GF2m_mod_solve_quad_arr,CRYPTO_free,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B23EE sk_value,CMS_RecipientEncryptedKey_cert_cmp,sk_num,CMS_RecipientInfo_kari_set0_pkey,CMS_RecipientInfo_kari_decrypt,CMS_RecipientInfo_kari_set0_pkey,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106E3E0 ERR_get_state,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F3F0 SEED_cbc_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002200 CRYPTO_set_mem_debug_functions,OPENSSL_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018200 DES_cfb_encrypt,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11025200 AES_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105B200 EC_KEY_insert_key_method_data,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110CA200 UI_new,CRYPTO_malloc,ERR_put_error,UI_OpenSSL,CRYPTO_new_ex_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C9200 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032210 CRYPTO_ccm128_encrypt_ccm64,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11035210 BN_mod_exp_mont_consttime,BN_set_word,BN_set_word,BN_CTX_start,BN_MONT_CTX_new,BN_MONT_CTX_set,CRYPTO_malloc,_memset,BN_value_one,BN_ucmp,BN_div,BN_is_bit_set,BN_is_bit_set,BN_from_montgomery,BN_MONT_CTX_free,OPENSSL_cleanse,CRYPTO_free,BN_CTX_end,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11022230 CAST_ecb_encrypt,CAST_encrypt,CAST_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11082230 ASN1_item_verify,ERR_put_error,ERR_put_error,EVP_MD_CTX_init,OBJ_obj2nid,OBJ_find_sigid_algs,ERR_put_error,ERR_put_error,OBJ_nid2sn,EVP_get_digestbyname,ERR_put_error,EVP_PKEY_type,ERR_put_error,EVP_DigestVerifyInit,ASN1_item_i2d,ERR_put_error,EVP_DigestUpdate,OPENSSL_cleanse,CRYPTO_free,EVP_DigestVerifyFinal,ERR_put_error,EVP_MD_CTX_cleanup,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C2240 CRYPTO_lock,CRYPTO_lock,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002250 CRYPTO_get_mem_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E250 RC2_ofb64_encrypt,RC2_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11027250 private_AES_set_encrypt_key,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11045250 RSA_sign_ASN1_OCTET_STRING,i2d_ASN1_OCTET_STRING,RSA_size,ERR_put_error,CRYPTO_malloc,ERR_put_error,i2d_ASN1_OCTET_STRING,RSA_private_encrypt,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E250 DSO_free,ERR_put_error,CRYPTO_add_lock,ERR_put_error,ERR_put_error,sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C9250 UI_free,sk_pop_free,CRYPTO_free_ex_data,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11027260 private_AES_set_decrypt_key,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108D260 a2i_ASN1_INTEGER,BIO_gets,CRYPTO_malloc,CRYPTO_realloc_clean,BIO_gets,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053270 EC_POINT_dup,EC_POINT_new,EC_POINT_copy,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106E270 ERR_put_error,ERR_get_state,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108C280 i2s_ASN1_INTEGER,BIO_puts,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C9280 ERR_put_error,ERR_put_error,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E290 i2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ERR_put_error,ASN1_put_object,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110232A0 AES_ecb_encrypt,AES_encrypt,AES_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110712A0 OBJ_add_sigid,sk_new,sk_new,CRYPTO_malloc,sk_push,CRYPTO_free,sk_push,sk_sort,sk_sort,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110022B0 CRYPTO_get_mem_ex_functions,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110862B0 X509_INFO_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110592C0 BN_new,BN_new,pqueue_peek,X509_TRUST_get_flags,EC_GROUP_get_curve_GFp,ERR_put_error,EC_GROUP_get_curve_GF2m,BN_num_bits,BN_num_bits,CRYPTO_malloc,BN_bn2bin,ERR_put_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,ASN1_STRING_set,ASN1_STRING_set,ASN1_BIT_STRING_new,CRYPTO_malloc,BN_bn2bin,ASN1_OCTET_STRING_set,ASN1_BIT_STRING_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110232D0 AES_cfb128_encrypt,AES_encrypt,CRYPTO_cfb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110302D0 CRYPTO_cts128_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110372D0 bn_dup_expand,BN_new,CRYPTO_free,BN_new,BN_copy,BN_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C22D0 ENGINE_init,ERR_put_error,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110032E0 __localtime64,BIO_snprintf,BIO_snprintf,X509_TRUST_get_flags,BIO_snprintf,BIO_snprintf,BIO_puts,CRYPTO_THREADID_cpy,_memset,X509_TRUST_get_flags,BIO_snprintf,BUF_strlcpy,BIO_snprintf,BIO_puts,CRYPTO_THREADID_cmp,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110502E0 DH_up_ref,CRYPTO_add_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110722E0 EVP_DecryptUpdate,ERR_put_error,OpenSSLDie,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107D2F0 EVP_PKEY_decrypt_init,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11094500 _strrchr,OBJ_create,CRYPTO_malloc,OBJ_nid2obj,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11004510 ERR_load_CRYPTO_strings,ERR_func_error_string,ERR_load_strings,ERR_load_strings,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002510 CRYPTO_strdup,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11030510 CRYPTO_cfb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105A520 i2d_ECPrivateKey,ASN1_item_new,ERR_put_error,BN_num_bits,EC_GROUP_get_degree,ERR_put_error,CRYPTO_malloc,BN_bn2bin,_memset,ASN1_STRING_set,ERR_put_error,CRYPTO_free,ASN1_item_free,ASN1_STRING_type_new,EC_POINT_point2oct,CRYPTO_realloc,EC_POINT_point2oct,ASN1_STRING_set,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11061520 CRYPTO_malloc,ERR_put_error,ECDSA_OpenSSL,ENGINE_get_default_ECDSA,EVP_PKEY_CTX_get_app_data,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11092530 ASN1_STRING_set,CRYPTO_malloc,CRYPTO_realloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003540 CRYPTO_mem_leaks,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,lh_doall_arg,BIO_printf,CRYPTO_lock,lh_free,lh_num_items,lh_free,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11091540 CONF_parse_list,i2d_ASN1_TYPE,ASN1_TYPE_free,ASN1_get_object,ASN1_object_size,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,ASN1_put_object,d2i_ASN1_TYPE,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B7540 X509_STORE_CTX_get0_policy_tree,EVP_PKEY_derive,EVP_CipherInit_ex,EVP_CipherUpdate,CRYPTO_malloc,EVP_CipherUpdate,OPENSSL_cleanse,CRYPTO_free,EVP_CIPHER_CTX_cleanup,EVP_PKEY_CTX_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103F550 BN_MONT_CTX_new,CRYPTO_malloc,BN_init,BN_init,BN_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002560 CRYPTO_realloc,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001580 CRYPTO_num_locks,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001590 CRYPTO_destroy_dynlockid,CRYPTO_lock,sk_num,sk_value,sk_set,CRYPTO_lock,CRYPTO_free,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11037590 BN_CTX_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107B590 EVP_PBE_alg_add_type,sk_new,CRYPTO_malloc,ERR_put_error,sk_push,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E5A0 DSO_set_filename,ERR_put_error,CRYPTO_malloc,ERR_put_error,BUF_strlcpy,CRYPTO_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D5A0 CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,_strerror,_strncpy,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103F5B0 BN_MONT_CTX_set_locked,CRYPTO_lock,CRYPTO_lock,BN_MONT_CTX_new,BN_MONT_CTX_set,BN_MONT_CTX_free,CRYPTO_lock,BN_MONT_CTX_free,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110775B0 EVP_OpenInit,EVP_CIPHER_CTX_init,EVP_DecryptInit_ex,ERR_put_error,CRYPTO_free,RSA_size,CRYPTO_malloc,ERR_put_error,EVP_PKEY_decrypt_old,EVP_CIPHER_CTX_set_key_length,EVP_DecryptInit_ex,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110325C0 CRYPTO_ccm128_tag,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110725C0 EVP_CIPHER_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,ENGINE_finish,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108D5C0 a2i_ASN1_STRING,BIO_gets,CRYPTO_malloc,CRYPTO_realloc,BIO_gets,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108F5C0 BUF_strdup,BUF_strdup,CRYPTO_malloc,sk_push,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B95D0 CRYPTO_malloc,BUF_strdup,BUF_strdup,sk_new_null,sk_push,ERR_put_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110025E0 CRYPTO_realloc_clean,CRYPTO_malloc,OPENSSL_cleanse,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110595E0 BN_new,ERR_put_error,ASN1_item_new,X509_TRUST_get_flags,ENGINE_get_init_function,EC_POINT_point2oct,CRYPTO_malloc,EC_POINT_point2oct,ASN1_OCTET_STRING_new,ASN1_OCTET_STRING_set,EC_GROUP_get_order,BN_to_ASN1_INTEGER,EC_GROUP_get_cofactor,BN_to_ASN1_INTEGER,ERR_put_error,ASN1_item_free,BN_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110175F0 DES_ecb3_encrypt,DES_encrypt3,DES_decrypt3,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110375F0 BN_CTX_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110925F0 ASN1_STRING_set0,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023400 AES_ige_encrypt,OpenSSLDie,OpenSSLDie,OpenSSLDie,AES_encrypt,AES_encrypt,AES_decrypt,AES_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031410 CRYPTO_gcm128_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032410 CRYPTO_ccm128_decrypt_ccm64,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11078410 EVP_PKEY_free,CRYPTO_add_lock,ENGINE_finish,X509_ATTRIBUTE_free,sk_pop_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108B410 asn1_do_lock,CRYPTO_add_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020420 BF_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F420 SEED_cfb128_encrypt,SEED_encrypt,CRYPTO_cfb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11063420 BIO_new,CRYPTO_malloc,ERR_put_error,BIO_set,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108E420 X509_PKEY_new,CRYPTO_malloc,X509_ALGOR_new,ASN1_STRING_type_new,X509_PKEY_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106F430 ERR_print_errors_cb,CRYPTO_THREADID_current,X509_TRUST_get_flags,ERR_get_error_line_data,ERR_error_string_n,BIO_snprintf,ERR_get_error_line_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101C440 DES_fcrypt,_memset,DES_set_key_unchecked,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11066440 CRYPTO_malloc,CRYPTO_realloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106A440 sk_insert,CRYPTO_realloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072440 EVP_DecryptFinal_ex,ERR_put_error,ERR_put_error,OpenSSLDie,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002450 CRYPTO_free_locked,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F460 SEED_ofb128_encrypt,SEED_encrypt,CRYPTO_ofb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11081470 BN_to_ASN1_ENUMERATED,ASN1_STRING_type_new,BN_num_bits,CRYPTO_realloc,ERR_put_error,ASN1_STRING_free,BN_bn2bin,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11037480 CRYPTO_malloc,BN_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104A480 RSA_setup_blinding,BN_CTX_new,BN_CTX_start,BN_CTX_get,ERR_put_error,ERR_put_error,RAND_status,RAND_add,BN_BLINDING_create_param,ERR_put_error,BN_BLINDING_thread_id,CRYPTO_THREADID_current,BN_CTX_end,BN_CTX_free,BN_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B7480 CMS_RecipientEncryptedKey_cert_cmp,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002490 CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F490 CRYPTO_cbc128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11038490 bn_expand2,CRYPTO_malloc,bn_sub_words,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11078490 EVP_PKEY_encrypt_old,ERR_put_error,RSA_public_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108B4A0 asn1_enc_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110854A0 i2d_X509_AUX,ASN1_item_i2d,i2d_X509_CERT_AUX,CRYPTO_malloc,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B94B0 sk_new_null,CRYPTO_malloc,BUF_strdup,sk_push,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108A4C0 ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,BUF_MEM_grow_clean,ERR_put_error,ERR_put_error,ERR_put_error,asn1_ex_c2i,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110704D0 OBJ_create,a2d_ASN1_OBJECT,CRYPTO_malloc,ERR_put_error,a2d_ASN1_OBJECT,ASN1_OBJECT_create,OBJ_add_object,ASN1_OBJECT_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107D4D0 EVP_PKEY_derive_set_peer,ERR_put_error,EVP_PKEY_missing_parameters,EVP_PKEY_cmp_parameters,ERR_put_error,EVP_PKEY_free,CRYPTO_add_lock,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110014E0 CRYPTO_get_new_lockid,sk_new_null,ERR_put_error,BUF_strdup,sk_push,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106C4E0 GetVersion,OPENSSL_isservice,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,GetObjectA,CRYPTO_malloc,GetDIBits,EVP_sha1,EVP_Digest,RAND_add,CRYPTO_free,DeleteObject,ReleaseDC,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110784E0 EVP_PKEY_decrypt_old,ERR_put_error,RSA_private_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110634F0 BIO_dup_chain,CRYPTO_malloc,BIO_set,BIO_ctrl,CRYPTO_dup_ex_data,BIO_push,CRYPTO_free,ERR_put_error,BIO_free,BIO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107C4F0 EVP_PKEY_CTX_free,EVP_PKEY_free,EVP_PKEY_free,ENGINE_finish,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108B4F0 asn1_enc_save,CRYPTO_free,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001700 CRYPTO_get_dynlock_destroy_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106A700 sk_dup,sk_new,CRYPTO_realloc,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11077700 EVP_SealInit,EVP_CIPHER_CTX_init,EVP_EncryptInit_ex,EVP_CIPHER_CTX_rand_key,X509_get_issuer_name,X509_get_issuer_name,RAND_bytes,EVP_EncryptInit_ex,X509_STORE_CTX_get0_policy_tree,EVP_PKEY_encrypt_old,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B9700 CONF_get1_default_config_file,ossl_safe_getenv,BUF_strdup,X509_get_default_cert_area,CRYPTO_malloc,X509_get_default_cert_area,BUF_strlcpy,BUF_strlcat,BUF_strlcat,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001710 CRYPTO_set_dynlock_create_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101D710 RC2_ecb_encrypt,RC2_encrypt,RC2_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11094710 PEM_SignFinal,EVP_PKEY_size,CRYPTO_malloc,ERR_put_error,EVP_SignFinal,EVP_EncodeBlock,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C4710 ENGINE_pkey_asn1_find_str,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002720 CRYPTO_set_mem_debug_options,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001720 CRYPTO_set_dynlock_lock_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A720 Camellia_ctr128_encrypt,Camellia_encrypt,CRYPTO_ctr128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11036720 ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11045720 RSA_padding_check_PKCS1_type_2,CRYPTO_malloc,ERR_put_error,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002730 CRYPTO_get_mem_debug_options,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001730 CRYPTO_set_dynlock_destroy_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11044730 RSA_new_method,CRYPTO_malloc,ERR_put_error,_memset,RSA_PKCS1_SSLeay,ENGINE_init,ERR_put_error,CRYPTO_free,ENGINE_get_default_RSA,UI_get0_user_data,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,ENGINE_finish,CRYPTO_free,ENGINE_finish,CRYPTO_free_ex_data,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11052730 CMS_SharedInfo_encode,CRYPTO_memcmp,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072730 EVP_CIPHER_CTX_copy,ENGINE_init,ERR_put_error,EVP_CIPHER_CTX_cleanup,CRYPTO_malloc,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11082730 ASN1_mbstring_ncopy,UTF8_getc,ERR_put_error,BIO_snprintf,ERR_add_error_data,ERR_put_error,BIO_snprintf,ERR_add_error_data,CRYPTO_free,ASN1_STRING_type_new,ASN1_STRING_set,CRYPTO_malloc,ASN1_STRING_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002740 CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001740 CRYPTO_get_locking_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001750 CRYPTO_get_add_lock_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11088750 ASN1_template_new,ASN1_primitive_new,CRYPTO_malloc,_memset,asn1_set_choice_selector,CRYPTO_malloc,_memset,asn1_do_lock,asn1_enc_init,asn1_get_field_ptr,ASN1_template_new,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C1750 ERR_put_error,CRYPTO_add_lock,CRYPTO_free_ex_data,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003760 CRYPTO_mem_leaks_fp,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,BIO_s_file,BIO_new,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,BIO_ctrl,CRYPTO_mem_leaks,BIO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001760 CRYPTO_set_locking_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D760 ERR_free_strings,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E760 i2a_ASN1_OBJECT,OBJ_obj2txt,CRYPTO_malloc,OBJ_obj2txt,BIO_write,BIO_write,CRYPTO_free,BIO_write,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110A6760 string_to_hex,ERR_put_error,CRYPTO_malloc,ERR_put_error,ERR_put_error,CRYPTO_free,CRYPTO_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002770 CRYPTO_mem_ctrl,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001770 CRYPTO_set_add_lock_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11040770 BN_GF2m_mod_mul,BN_num_bits,CRYPTO_malloc,BN_GF2m_poly2arr,BN_GF2m_mod_mul_arr,CRYPTO_free,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001780 CRYPTO_THREADID_set_numeric,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11062780 BUF_MEM_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001790 CRYPTO_THREADID_set_pointer,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11061790 ECDSA_get_ex_new_index,CRYPTO_get_ex_new_index,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106A790 sk_deep_copy,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106F790 OBJ_NAME_remove,lh_delete,sk_num,sk_value,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110017A0 CRYPTO_THREADID_set_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110227B0 CAST_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110947B0 PEM_SealInit,RSA_size,CRYPTO_malloc,ERR_put_error,ERR_put_error,EVP_EncodeInit,EVP_MD_CTX_init,EVP_DigestInit,EVP_CIPHER_CTX_init,EVP_SealInit,RSA_size,EVP_EncodeBlock,CRYPTO_free,OPENSSL_cleanse,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110017C0 CRYPTO_THREADID_get_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110627C0 BUF_MEM_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D7C0 ERR_get_string_table,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110017D0 CRYPTO_THREADID_current,GetCurrentThreadId,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110897E0 sk_num,sk_num,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,sk_num,sk_value,ASN1_item_ex_i2d,sk_num,sk_num,sk_value,ASN1_item_ex_i2d,sk_num,sk_num,sk_num,sk_num,sk_num,sk_set,sk_num,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110707F0 OBJ_obj2txt,OBJ_obj2nid,OBJ_nid2ln,OBJ_nid2sn,BUF_strlcpy,BN_add_word,BN_new,BN_set_word,BN_lshift,BN_sub_word,BN_bn2dec,BUF_strlcpy,CRYPTO_free,BIO_snprintf,BUF_strlcpy,BN_free,BN_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A600 Camellia_ecb_encrypt,Camellia_encrypt,Camellia_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102E600 SEED_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032600 CRYPTO_xts128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11061600 ENGINE_finish,CRYPTO_free_ex_data,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106F600 OBJ_NAME_new_index,CRYPTO_mem_ctrl,sk_new_null,CRYPTO_mem_ctrl,sk_num,CRYPTO_mem_ctrl,CRYPTO_malloc,CRYPTO_mem_ctrl,CRYPTO_mem_ctrl,sk_push,CRYPTO_mem_ctrl,sk_value,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101C610 DES_crypt,DES_fcrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11036610 BN_clear_free,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106A610 sk_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11088610 ASN1_primitive_new,OBJ_nid2obj,CRYPTO_malloc,ASN1_STRING_type_new,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11095620 PEM_do_header,PEM_def_callback,ERR_put_error,d2i_X509,EVP_md5,EVP_BytesToKey,EVP_CIPHER_CTX_init,EVP_DecryptInit_ex,EVP_DecryptUpdate,EVP_DecryptFinal_ex,EVP_CIPHER_CTX_cleanup,OPENSSL_cleanse,OPENSSL_cleanse,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101C630 DES_xcbc_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A630 Camellia_ofb128_encrypt,Camellia_encrypt,CRYPTO_ofb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F630 CRYPTO_cbc128_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11062630 ECDSA_verify,ECDSA_SIG_new,d2i_ECDSA_SIG,i2d_ECDSA_SIG,OPENSSL_cleanse,CRYPTO_free,ECDSA_SIG_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11092630 ASN1_STRING_type_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1109B650 X509_NAME_oneline,BUF_MEM_new,BUF_MEM_grow,CRYPTO_free,_strncpy,sk_num,CRYPTO_free,sk_value,OBJ_obj2nid,OBJ_nid2sn,i2t_ASN1_OBJECT,BUF_MEM_grow,sk_num,ERR_put_error,BUF_MEM_free,ERR_put_error,BUF_MEM_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001660 CRYPTO_get_dynlock_value,CRYPTO_lock,sk_num,sk_value,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101F660 idea_cfb64_encrypt,idea_encrypt,idea_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A660 Camellia_cfb128_encrypt,Camellia_encrypt,CRYPTO_cfb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11036670 BN_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031670 CRYPTO_gcm128_encrypt_ctr32,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11092680 ASN1_STRING_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107F690 ASN1_GENERALIZEDTIME_adj,ASN1_STRING_type_new,OPENSSL_gmtime,OPENSSL_gmtime_adj,CRYPTO_malloc,ERR_put_error,CRYPTO_free,BIO_snprintf,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B7690 CMS_RecipientInfo_kari_decrypt,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110196A0 DES_pcbc_encrypt,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A6A0 Camellia_cfb1_encrypt,Camellia_encrypt,CRYPTO_cfb128_1_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110586A0 pqueue_peek,ENGINE_get_pkey_asn1_meths,X509_TRUST_get_flags,EVP_MD_block_size,ENGINE_get_finish_function,BN_CTX_start,BN_num_bits,BN_num_bits,CRYPTO_malloc,BN_CTX_get,X509_TRUST_get_flags,EC_GROUP_get_order,CRYPTO_free,BN_CTX_end,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D6A0 CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108E6A0 i2d_ASN1_BOOLEAN,ASN1_object_size,CRYPTO_malloc,ERR_put_error,ASN1_put_object,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110806B0 i2d_ASN1_SET,sk_num,sk_value,sk_value,ASN1_object_size,ASN1_put_object,sk_num,sk_num,CRYPTO_malloc,sk_num,sk_value,sk_num,sk_num,CRYPTO_malloc,ERR_put_error,sk_num,sk_num,CRYPTO_free,CRYPTO_free,sk_num,sk_value,sk_num,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110876B0 X509_NAME_print,X509_NAME_oneline,CRYPTO_free,BIO_write,BIO_write,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110926B0 ASN1_STRING_clear_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C16B0 ENGINE_new,CRYPTO_malloc,ERR_put_error,_memset,CRYPTO_new_ex_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110026D0 CRYPTO_remalloc,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110176D0 DES_cfb64_encrypt,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110366D0 BN_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110776D0 EVP_OpenFinal,EVP_DecryptFinal_ex,EVP_DecryptInit_ex,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110016E0 CRYPTO_get_dynlock_create_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A6E0 Camellia_cfb8_encrypt,Camellia_encrypt,CRYPTO_cfb128_8_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110966E0 PEM_ASN1_write_bio,pqueue_peek,OBJ_nid2sn,X509_TRUST_get0_name,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,PEM_def_callback,ERR_put_error,RAND_add,OpenSSLDie,RAND_bytes,EVP_md5,EVP_BytesToKey,OPENSSL_cleanse,OpenSSLDie,PEM_proc_type,PEM_dek_info,EVP_CIPHER_CTX_init,EVP_EncryptInit_ex,EVP_EncryptUpdate,EVP_EncryptFinal_ex,EVP_CIPHER_CTX_cleanup,PEM_write_bio,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110016F0 CRYPTO_get_dynlock_lock_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E6F0 DSO_convert_filename,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,BUF_strlcpy,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003900 CRYPTO_mem_leaks_cb,CRYPTO_lock,lh_doall_arg,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F900 CRYPTO_ctr128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11067900 BIO_get_port,ERR_put_error,CRYPTO_lock,getservbyname,htons,CRYPTO_lock,WSAGetLastError,ERR_put_error,ERR_add_error_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E910 idea_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11030910 CRYPTO_cfb128_1_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053910 EC_GROUP_precompute_mult,X509_TRUST_get_flags,BN_CTX_new,BN_CTX_start,BN_CTX_get,EC_GROUP_get_order,BN_num_bits,CRYPTO_malloc,EC_POINT_new,EC_POINT_new,EC_POINT_new,EC_POINT_copy,EC_POINT_dbl,EC_POINT_copy,EC_POINT_add,EC_POINT_dbl,EC_POINT_dbl,EC_POINTs_make_affine,ERR_put_error,BN_CTX_end,BN_CTX_free,EC_POINT_free,CRYPTO_free,EC_POINT_free,EC_POINT_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11059920 BN_bin2bn,ERR_put_error,BN_bin2bn,OBJ_obj2nid,ERR_put_error,BN_new,ERR_put_error,OBJ_obj2nid,ERR_put_error,ASN1_INTEGER_get,BN_set_bit,ERR_put_error,ERR_put_error,BN_set_bit,BN_set_bit,BN_set_bit,BN_set_bit,BN_set_bit,EC_GROUP_new_curve_GF2m,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,ASN1_INTEGER_to_BN,ERR_put_error,BN_num_bits,ERR_put_error,EC_GROUP_new_curve_GFp,ERR_put_error,CRYPTO_free,CRYPTO_malloc,EC_POINT_new,EC_GROUP_set_point_conversion_form,EC_POINT_oct2point,ASN1_INTEGER_to_BN,BN_num_bits,ERR_put_error,EC_GROUP_free,EC_GROUP_free,BN_free,BN_free,BN_free,EC_POINT_free,BN_CTX_free,BN_free,EC_GROUP_set_generator,ASN1_INTEGER_to_BN,BN_CTX_new,EC_GROUP_dup,EC_GROUP_set_seed,EC_GROUP_set_generator,EC_GROUP_new_by_curve_name,EC_GROUP_free,EC_GROUP_set_asn1_flag,EC_GROUP_set_seed,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11014940 CMAC_CTX_new,CRYPTO_malloc,EVP_CIPHER_CTX_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002950 CRYPTO_dbg_set_options,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002960 CRYPTO_dbg_get_options,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D960 ERR_func_error_string,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E980 c2i_ASN1_OBJECT,ASN1_OBJECT_new,ERR_put_error,CRYPTO_free,CRYPTO_malloc,ERR_put_error,ASN1_OBJECT_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11094980 PEM_SealUpdate,EVP_DigestUpdate,EVP_EncryptUpdate,EVP_EncodeUpdate,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110039A0 CRYPTO_get_ex_data_implementation,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110309B0 CRYPTO_cfb128_8_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110329B0 CRYPTO_128_wrap,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101A9C0 DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104B9C0 DSA_new_method,CRYPTO_malloc,ERR_put_error,DSA_OpenSSL,ENGINE_init,ERR_put_error,CRYPTO_free,ENGINE_get_default_DSA,X509_TRUST_get0_name,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_new_ex_data,ENGINE_finish,CRYPTO_free_ex_data,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107C9C0 EVP_PKEY_meth_get_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110369D0 BN_set_word,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106A9D0 sk_pop_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110719D0 EVP_MD_CTX_create,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110939D0 ASN1_pack_string,ASN1_STRING_new,ERR_put_error,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110149E0 CMAC_CTX_free,CMAC_CTX_cleanup,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107C9E0 EVP_PKEY_meth_get_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110899E0 ASN1_item_ex_i2d,CRYPTO_malloc,ASN1_item_ex_i2d,ASN1_item_ex_i2d,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110029F0 CRYPTO_THREADID_current,lh_delete,lh_insert,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110039F0 CRYPTO_set_ex_data_implementation,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110449F0 RSA_up_ref,CRYPTO_add_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D9F0 ERR_reason_error_string,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110819F0 ASN1_sign,EVP_MD_CTX_init,ASN1_TYPE_free,ASN1_TYPE_free,ASN1_TYPE_new,ASN1_OBJECT_free,OBJ_nid2obj,CRYPTO_malloc,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_SignFinal,CRYPTO_free,ERR_put_error,EVP_MD_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11061800 ECDSA_METHOD_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11062800 BUF_MEM_grow,_memset,ERR_put_error,CRYPTO_malloc,CRYPTO_realloc,ERR_put_error,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11091800 sk_new_null,X509V3_get_section,sk_num,sk_value,sk_push,sk_num,i2d_ASN1_SET_ANY,i2d_ASN1_SEQUENCE_ANY,ASN1_TYPE_new,ASN1_STRING_type_new,CRYPTO_free,ASN1_TYPE_free,sk_pop_free,X509V3_section_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001810 CRYPTO_THREADID_cmp,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A820 Camellia_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11036820 bn_expand2,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11040820 BN_GF2m_mod_sqr,BN_num_bits,CRYPTO_malloc,BN_GF2m_poly2arr,BN_GF2m_mod_sqr_arr,CRYPTO_free,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D820 ERR_get_err_state_table,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107C830 EVP_PKEY_meth_set_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018840 DES_ede3_ofb64_encrypt,DES_encrypt3,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020840 BF_cbc_encrypt,BF_encrypt,BF_decrypt,BF_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11026840 AES_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102D840 SEED_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110C1840 sk_new_null,CRYPTO_malloc,sk_push,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11052850 DH_KDF_X9_42,EVP_MD_size,EVP_MD_CTX_init,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestFinal,OPENSSL_cleanse,CRYPTO_free,EVP_MD_CTX_cleanup,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072850 EVP_CipherInit_ex,EVP_CIPHER_CTX_cleanup,ENGINE_init,ERR_put_error,ENGINE_get_cipher_engine,ENGINE_get_cipher,CRYPTO_malloc,ERR_put_error,EVP_CIPHER_CTX_ctrl,ERR_put_error,OpenSSLDie,EVP_CIPHER_CTX_flags,ERR_put_error,EVP_CIPHER_CTX_flags,EVP_CIPHER_CTX_flags,X509_get_issuer_name,OpenSSLDie,X509_get_issuer_name,X509_get_issuer_name,X509_get_issuer_name,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107C850 EVP_PKEY_meth_set_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101F860 idea_ofb64_encrypt,idea_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001870 CRYPTO_THREADID_cpy,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031870 CRYPTO_gcm128_decrypt_ctr32,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104F870 d2i_DHxparams,DH_new,ASN1_item_d2i,DH_free,DH_free,ASN1_BIT_STRING_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E870 ASN1_OBJECT_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11077870 EVP_SealFinal,EVP_EncryptFinal_ex,EVP_EncryptInit_ex,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D880 ERR_release_err_state_table,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001890 CRYPTO_get_id_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110018A0 CRYPTO_set_id_callback,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110238A0 AES_bi_ige_encrypt,OpenSSLDie,OpenSSLDie,OpenSSLDie,AES_encrypt,AES_encrypt,AES_decrypt,AES_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110018B0 CRYPTO_thread_id,GetCurrentThreadId,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106E8B0 ERR_peek_error,ERR_get_state,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108D8B0 i2d_RSA_NET,EVP_CIPHER_CTX_init,ASN1_item_new,ASN1_item_new,OBJ_nid2obj,ASN1_TYPE_new,i2d_RSAPrivateKey,ASN1_item_i2d,OBJ_nid2obj,ASN1_TYPE_new,CRYPTO_malloc,ERR_put_error,i2d_RSAPrivateKey,CRYPTO_malloc,ASN1_STRING_set,OPENSSL_cleanse,ERR_put_error,EVP_md5,EVP_Digest,EVP_md5,EVP_rc4,EVP_BytesToKey,OPENSSL_cleanse,EVP_rc4,EVP_EncryptInit_ex,EVP_EncryptUpdate,EVP_EncryptFinal_ex,EVP_CIPHER_CTX_cleanup,ASN1_item_free,ASN1_item_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110178C0 DES_ede3_cfb64_encrypt,DES_encrypt3,DES_encrypt3,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E8C0 ASN1_OBJECT_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110028D0 CRYPTO_is_mem_check_on,CRYPTO_THREADID_current,CRYPTO_lock,CRYPTO_THREADID_cmp,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110018D0 CRYPTO_get_lock_name,sk_num,sk_value,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110448D0 RSA_free,CRYPTO_add_lock,ENGINE_finish,CRYPTO_free_ex_data,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_BLINDING_free,BN_BLINDING_free,CRYPTO_free_locked,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110938D0 ASN1_seq_pack,i2d_ASN1_SET,ERR_put_error,CRYPTO_malloc,ERR_put_error,i2d_ASN1_SET,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110958D0 PEM_write_bio,EVP_EncodeInit,BIO_write,BIO_write,BIO_write,BIO_write,BIO_write,CRYPTO_malloc,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,EVP_EncodeUpdate,BIO_write,EVP_EncodeFinal,BIO_write,OPENSSL_cleanse,CRYPTO_free,BIO_write,BIO_write,BIO_write,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101D8E0 RC2_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106D8E0 ERR_lib_error_string,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110628E0 BUF_MEM_grow_clean,_memset,_memset,ERR_put_error,CRYPTO_malloc,CRYPTO_realloc_clean,ERR_put_error,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110268F0 AES_cbc_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106F8F0 OBJ_NAME_do_all_sorted,lh_num_items,CRYPTO_malloc,lh_doall_arg,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103EB00 BN_RECP_CTX_free,BN_free,BN_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11013B10 DES_set_odd_parity,DES_set_key_unchecked,DES_encrypt1,DES_set_odd_parity,DES_set_key_unchecked,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101FB10 idea_set_encrypt_key,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105AB10 EC_KEY_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1108FB10 BUF_strdup,BUF_strdup,CRYPTO_malloc,sk_new,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AB20 DES_encrypt3,DES_encrypt2,DES_encrypt2,DES_encrypt2,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104BB20 DSA_free,CRYPTO_add_lock,ENGINE_finish,CRYPTO_free_ex_data,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,BN_clear_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053B30 EC_GROUP_clear_free,BN_MONT_CTX_free,EC_POINT_clear_free,BN_clear_free,BN_clear_free,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106DB30 ERR_remove_state,CRYPTO_THREADID_current,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072B30 EVP_CipherUpdate,EVP_DecryptUpdate,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11088B30 ASN1_primitive_free,ASN1_OBJECT_free,ASN1_primitive_free,CRYPTO_free,ASN1_STRING_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11038B40 BN_bn2hex,CRYPTO_strdup,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031B40 CRYPTO_gcm128_tag,CRYPTO_gcm128_finish,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106AB40 CRYPTO_realloc,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11095B40 PEM_read_bio,BUF_MEM_new,BUF_MEM_new,BUF_MEM_new,BIO_gets,_strncmp,_strncmp,BIO_gets,BUF_MEM_grow,BUF_MEM_grow,BIO_gets,BUF_MEM_grow,_strncmp,BIO_gets,BUF_MEM_grow,BIO_gets,_strncmp,BUF_MEM_grow_clean,BIO_gets,BIO_gets,_strncmp,_strncmp,_strncmp,EVP_DecodeInit,EVP_DecodeUpdate,EVP_DecodeFinal,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_put_error,BUF_MEM_free,BUF_MEM_free,BUF_MEM_free,BUF_MEM_free,BUF_MEM_free,BUF_MEM_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11080B50 ASN1_dup,CRYPTO_malloc,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11058B60 EC_POINT_point2bn,EC_POINT_point2oct,CRYPTO_malloc,EC_POINT_point2oct,CRYPTO_free,BN_bin2bn,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105AB70 EC_KEY_free,CRYPTO_add_lock,EC_GROUP_free,EC_POINT_free,BN_clear_free,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101DB80 RC2_cbc_encrypt,RC2_encrypt,RC2_encrypt,RC2_decrypt,RC2_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031B80 CRYPTO_gcm128_new,CRYPTO_malloc,CRYPTO_gcm128_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072B80 EVP_EncryptInit_ex,EVP_CipherInit_ex,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102FB90 CRYPTO_cts128_encrypt_block,CRYPTO_cbc128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107CB90 EVP_PKEY_CTX_new,ENGINE_init,ERR_put_error,ENGINE_get_pkey_meth_engine,ENGINE_get_pkey_meth,EVP_PKEY_meth_find,CRYPTO_malloc,ENGINE_finish,ERR_put_error,CRYPTO_add_lock,EVP_PKEY_CTX_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11092BA0 d2i_ASN1_type_bytes,ASN1_get_object,ASN1_tag2bit,d2i_ASN1_BIT_STRING,ASN1_STRING_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106DBB0 ERR_get_state,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cpy,CRYPTO_malloc,CRYPTO_THREADID_cpy,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072BB0 EVP_DecryptInit_ex,EVP_CipherInit_ex,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11094BB0 PEM_X509_INFO_read_bio,sk_new_null,ERR_put_error,X509_INFO_new,PEM_read_bio,sk_push,X509_INFO_new,X509_PKEY_new,X509_PKEY_new,X509_PKEY_new,PEM_get_EVP_CIPHER_INFO,PEM_do_header,d2i_PrivateKey,d2i_X509,ERR_put_error,X509_INFO_free,sk_num,sk_value,X509_INFO_free,sk_num,sk_free,PEM_get_EVP_CIPHER_INFO,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_peek_last_error,ERR_clear_error,sk_push,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003BC0 CRYPTO_malloc,ERR_put_error,CRYPTO_lock,sk_num,sk_push,sk_num,sk_set,CRYPTO_lock,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031BC0 CRYPTO_gcm128_release,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11044BC0 RSA_sign,ERR_put_error,OBJ_nid2obj,ERR_put_error,ERR_put_error,i2d_X509_SIG,RSA_size,ERR_put_error,CRYPTO_malloc,ERR_put_error,i2d_X509_SIG,RSA_private_encrypt,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031BE0 CRYPTO_ccm128_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053BE0 EC_GROUP_copy,ERR_put_error,ERR_put_error,BN_MONT_CTX_new,BN_MONT_CTX_copy,BN_MONT_CTX_free,EC_POINT_new,EC_POINT_copy,EC_POINT_clear_free,BN_copy,BN_copy,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106FBE0 OBJ_NAME_add,CRYPTO_mem_ctrl,lh_new,CRYPTO_mem_ctrl,CRYPTO_malloc,lh_insert,sk_num,sk_value,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11080BE0 ASN1_item_dup,ASN1_item_i2d,ERR_put_error,ASN1_item_d2i,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11083BE0 X509_PUBKEY_get,CRYPTO_add_lock,EVP_PKEY_new,OBJ_obj2nid,EVP_PKEY_set_type,CRYPTO_lock,CRYPTO_lock,EVP_PKEY_free,CRYPTO_lock,CRYPTO_add_lock,ERR_put_error,EVP_PKEY_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101CBF0 DES_cbc_cksum,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11056BF0 CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11058BF0 EC_POINT_bn2point,BN_num_bits,CRYPTO_malloc,BN_bn2bin,CRYPTO_free,EC_POINT_new,EC_POINT_oct2point,EC_POINT_clear_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102CA00 Camellia_cbc_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11030A00 CRYPTO_ofb128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105AA00 i2o_ECPublicKey,ERR_put_error,EC_POINT_point2oct,CRYPTO_malloc,ERR_put_error,EC_POINT_point2oct,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11071A00 EVP_DigestInit_ex,EVP_MD_CTX_clear_flags,ENGINE_finish,ENGINE_init,ERR_put_error,ENGINE_get_digest_engine,ENGINE_get_digest,ERR_put_error,ENGINE_finish,CRYPTO_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101DA20 RC2_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11044A20 RSA_get_ex_new_index,CRYPTO_get_ex_new_index,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106AA20 lh_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003A40 CRYPTO_lock,pqueue_peek,lh_new,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107CA40 ENGINE_init,ERR_put_error,ENGINE_get_pkey_meth_engine,ENGINE_get_pkey_meth,EVP_PKEY_meth_find,CRYPTO_malloc,ENGINE_finish,ERR_put_error,CRYPTO_add_lock,EVP_PKEY_CTX_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102FA50 CRYPTO_ctr128_encrypt_ctr32,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11052A50 EC_GROUP_new,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,BN_init,BN_init,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106EA50 ERR_peek_error_line,ERR_get_state,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101FA60 idea_ecb_encrypt,idea_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11062A60 BUF_strndup,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11094A60 PEM_SealFinal,ERR_put_error,RSA_size,CRYPTO_malloc,ERR_put_error,EVP_EncryptFinal_ex,EVP_EncodeUpdate,EVP_EncodeFinal,EVP_SignFinal,EVP_EncodeBlock,EVP_MD_CTX_cleanup,EVP_CIPHER_CTX_cleanup,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002A70 CRYPTO_push_info_,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_malloc,lh_new,CRYPTO_free,CRYPTO_THREADID_current,lh_insert,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018A70 DES_enc_read,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_malloc,__read,__read,DES_pcbc_encrypt,DES_cbc_encrypt,DES_pcbc_encrypt,DES_cbc_encrypt,DES_pcbc_encrypt,DES_cbc_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031A70 CRYPTO_gcm128_finish,CRYPTO_memcmp,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11044A70 RSA_memory_lock,CRYPTO_malloc_locked,ERR_put_error,BN_clear_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020A80 BF_cfb64_encrypt,BF_encrypt,BF_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11053A90 EC_GROUP_free,BN_MONT_CTX_free,CRYPTO_free,BN_free,BN_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003AA0 ASN1_PCTX_free,sk_pop_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11014AA0 CMAC_Init,EVP_EncryptInit_ex,X509_get_serialNumber,_memset,EVP_EncryptInit_ex,pqueue_peek,EVP_CIPHER_CTX_set_key_length,EVP_EncryptInit_ex,X509_get_serialNumber,EVP_Cipher,OPENSSL_cleanse,EVP_EncryptInit_ex,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106DAA0 ERR_remove_thread_state,CRYPTO_THREADID_cpy,CRYPTO_THREADID_current,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11093AA0 ASN1_item_pack,ASN1_STRING_new,ERR_put_error,CRYPTO_free,ASN1_item_i2d,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103EAB0 BN_RECP_CTX_new,CRYPTO_malloc,BN_init,BN_init,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003AC0 CRYPTO_lock,lh_retrieve,CRYPTO_malloc,sk_new_null,CRYPTO_free,lh_insert,lh_retrieve,sk_free,CRYPTO_free,CRYPTO_lock,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AAC0 DES_encrypt2,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11092AD0 ASN1_STRING_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110D3AD0 CRYPTO_malloc,BUF_strdup,BN_bin2bn,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11017AE0 DES_ede3_cfb_encrypt,DES_encrypt3,DES_encrypt3,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11062AE0 BUF_memdup,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11089AE0 asn1_ex_c2i,ASN1_TYPE_new,ASN1_TYPE_set,c2i_ASN1_OBJECT,ERR_put_error,ASN1_TYPE_free,c2i_ASN1_BIT_STRING,c2i_ASN1_INTEGER,ASN1_STRING_type_new,CRYPTO_free,ASN1_STRING_set,ERR_put_error,ASN1_STRING_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032AF0 CRYPTO_128_unwrap,OPENSSL_cleanse,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11045AF0 RSA_padding_check_SSLv23,CRYPTO_malloc,ERR_put_error,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106FAF0 OBJ_NAME_init,CRYPTO_mem_ctrl,lh_new,CRYPTO_mem_ctrl,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072D20 EVP_DecryptInit,_memset,EVP_CipherInit_ex,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11070D30 OBJ_txt2obj,OBJ_sn2nid,OBJ_ln2nid,OBJ_nid2obj,a2d_ASN1_OBJECT,ASN1_object_size,CRYPTO_malloc,ASN1_put_object,a2d_ASN1_OBJECT,d2i_ASN1_OBJECT,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11052D40 EC_GROUP_set_seed,CRYPTO_free,CRYPTO_malloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106DD40 ERR_set_error_data,ERR_get_state,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11077D40 EVP_PKEY_new,CRYPTO_malloc,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11071D50 EVP_MD_CTX_copy_ex,ENGINE_init,ERR_put_error,EVP_MD_CTX_set_flags,EVP_MD_CTX_cleanup,EVP_PKEY_CTX_dup,EVP_MD_CTX_cleanup,CRYPTO_malloc,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018D60 DES_enc_write,CRYPTO_malloc,DES_enc_write,RAND_bytes,_shadow_DES_rw_mode,DES_pcbc_encrypt,DES_cbc_encrypt,__locking,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031D60 CRYPTO_ccm128_encrypt,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11056D60 CRYPTO_malloc,BN_num_bits,CRYPTO_malloc,BN_is_bit_set,ERR_put_error,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1105AD70 EC_KEY_up_ref,CRYPTO_add_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11084D70 CRYPTO_free,sk_num,sk_new_null,sk_num,sk_value,sk_new_null,sk_push,ASN1_item_new,OBJ_dup,sk_push,sk_num,CRYPTO_malloc,sk_free,ASN1_item_free,sk_pop_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11096D70 PEM_bytes_read_bio,PEM_read_bio,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_peek_error,ERR_add_error_data,PEM_get_EVP_CIPHER_INFO,PEM_do_header,CRYPTO_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AD80 DES_ncbc_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101FD80 BF_set_key,BF_encrypt,BF_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023D80 AES_wrap_key,AES_encrypt,CRYPTO_128_wrap,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107ED80 ASN1_BIT_STRING_set_bit,CRYPTO_malloc,CRYPTO_realloc_clean,ERR_put_error,_memset,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001D90 CRYPTO_memcmp,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002D90 CRYPTO_remove_all_info,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003D90 CRYPTO_ex_data_new_class,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106AD90 lh_new,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11067D90 BIO_accept,accept,BIO_sock_should_retry,WSAGetLastError,ERR_put_error,ERR_put_error,DSO_global_lookup,htonl,htons,CRYPTO_malloc,ERR_put_error,BIO_snprintf,CRYPTO_realloc,CRYPTO_malloc,BIO_snprintf,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102FDA0 CRYPTO_nistcts128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11046DA0 RSA_verify_PKCS1_PSS_mgf1,EVP_MD_CTX_init,EVP_MD_size,BN_num_bits,RSA_size,ERR_put_error,ERR_put_error,ERR_put_error,ERR_put_error,CRYPTO_malloc,ERR_put_error,PKCS1_MGF1,ERR_put_error,ERR_put_error,EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,ERR_put_error,CRYPTO_free,EVP_MD_CTX_cleanup,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106DDA0 ERR_add_error_vdata,CRYPTO_malloc,CRYPTO_realloc,BUF_strlcat,ERR_get_state,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023DB0 AES_unwrap_key,AES_decrypt,CRYPTO_128_unwrap,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11060DB0 ENGINE_finish,CRYPTO_free_ex_data,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107FDB0 c2i_ASN1_INTEGER,ASN1_STRING_type_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11001DC0 CRYPTO_lock,CRYPTO_get_dynlock_value,CRYPTO_destroy_dynlockid,OpenSSLDie,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101CDC0 DES_ede3_cbcm_encrypt,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,DES_encrypt1,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11014DC0 CMAC_resume,EVP_EncryptInit_ex,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11092DC0 ASN1_STRING_new,ASN1_get_object,CRYPTO_malloc,ASN1_STRING_free,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11044DD0 i2d_X509_SIG,OPENSSL_cleanse,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11003DF0 CRYPTO_cleanup_all_ex_data,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104BC00 DSA_up_ref,CRYPTO_add_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11072C00 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_cleanup,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11088C10 ASN1_template_free,ASN1_primitive_free,asn1_get_choice_selector,asn1_get_field_ptr,ASN1_template_free,asn1_do_lock,asn1_enc_free,asn1_do_adb,asn1_get_field_ptr,ASN1_template_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11038C20 BN_bn2dec,BN_num_bits,CRYPTO_malloc,CRYPTO_malloc,BN_dup,BN_div_word,BIO_snprintf,BIO_snprintf,CRYPTO_free,BN_free,CRYPTO_free,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110A0C2E sk_value,sk_num,CRYPTO_malloc,sk_push,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106AC20 CRYPTO_realloc,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110A5C20 X509V3_EXT_print,X509V3_EXT_get,ASN1_item_d2i,BIO_printf,X509V3_EXT_val_prn,X509V3_conf_free,sk_pop_free,CRYPTO_free,ASN1_item_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102FC30 CRYPTO_nistcts128_encrypt_block,CRYPTO_cbc128_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031C30 CRYPTO_ccm128_setiv,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110D3C3E sk_value,sk_num,sk_insert,CRYPTO_free,BN_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1106EC30 ERR_peek_error_line_data,ERR_get_state,CRYPTO_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11002C40 CRYPTO_pop_info,CRYPTO_is_mem_check_on,CRYPTO_lock,CRYPTO_THREADID_current,CRYPTO_THREADID_cmp,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_THREADID_cpy,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,CRYPTO_lock,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11062C40 BIO_set,CRYPTO_new_ex_data,CRYPTO_free_ex_data,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11071C40 EVP_MD_CTX_cleanup,EVP_MD_CTX_test_flags,EVP_MD_CTX_test_flags,OPENSSL_cleanse,CRYPTO_free,EVP_PKEY_CTX_free,ENGINE_finish,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11081C40 ASN1_item_sign_ctx,X509_NAME_ENTRY_get_object,UI_get0_user_data,EVP_MD_CTX_cleanup,OPENSSL_cleanse,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,ERR_put_error,pqueue_peek,OBJ_find_sigid_by_algs,OBJ_nid2obj,X509_ALGOR_set0,OBJ_nid2obj,X509_ALGOR_set0,ASN1_item_i2d,EVP_PKEY_size,CRYPTO_malloc,EVP_DigestUpdate,EVP_DigestSignFinal,CRYPTO_free,ERR_put_error,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B9C40 CONF_modules_load_file,NCONF_new,CONF_get1_default_config_file,NCONF_load,ERR_peek_last_error,ERR_clear_error,CONF_modules_load,CRYPTO_free,NCONF_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AC50 DES_decrypt3,DES_encrypt2,DES_encrypt2,DES_encrypt2,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11022C50 CAST_cbc_encrypt,CAST_encrypt,CAST_decrypt,CAST_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102AC50 Camellia_decrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107EC50 c2i_ASN1_BIT_STRING,ASN1_STRING_type_new,CRYPTO_malloc,ERR_put_error,ASN1_STRING_free,CRYPTO_free,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020C80 BF_ofb64_encrypt,BF_encrypt,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104BC90 DSA_get_ex_new_index,CRYPTO_get_ex_new_index,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11056C90 CRYPTO_add_lock,EC_POINT_free,CRYPTO_free,CRYPTO_free,

Source: rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

Unpacked PE file: 4.2.rfusclient.exe.650000.0.unpack

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

File created: C:\ProgramData\Remote Utilities\install.log

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Remote Utilities - Host\EULA.rtf

Jump to behavior

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\libeay32.pdb source: rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb@W source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000000.1646535165.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB240CC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB3B070 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB4FB80 FindFirstFileExA,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11004940 OPENSSL_DIR_read,_malloc,_memset,_malloc,FindFirstFileA,FindNextFileA,_strncpy,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110D9950 __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\winspool.drv
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\winmm.dll

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 4x nop then movd mm0, dword ptr [edx]

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 101.99.94.54 ports 5651,1,465,5,6,80

Source: global traffic	TCP traffic: 192.168.2.4:49734 -> 185.70.104.90:5651
Source: global traffic	TCP traffic: 192.168.2.4:49735 -> 101.99.94.54:5651
Source: global traffic	TCP traffic: 192.168.2.4:49738 -> 77.105.132.70:5651
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 64.20.61.146:5655
Source: global traffic	TCP traffic: 192.168.2.4:49818 -> 66.23.226.254:5655

Source: Joe Sandbox View	IP Address: 77.105.132.70 77.105.132.70
Source: Joe Sandbox View	IP Address: 64.20.61.146 64.20.61.146
Source: Joe Sandbox View	IP Address: 185.70.104.90 185.70.104.90
Source: Joe Sandbox View	IP Address: 66.23.226.254 66.23.226.254

Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 185.70.104.90
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.70
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.54

Source: unknown

DNS traffic detected: queries for: id72.remoteutilities.com

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crt0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0B
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001FD2000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0N
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001FD2000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crl0=
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://madExcept.comU
Source: rutserv.exe, 00000009.00000002.2987513831.00000000066C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: rutserv.exe, 00000009.00000003.1919101620.0000000006708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/
Source: rutserv.exe, 00000009.00000003.1919101620.00000000066E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/G
Source: rutserv.exe, 00000009.00000003.2512955936.00000000066CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSE67Nbq3jfQQg8yXEpbmqLTNn7XwQUm1%2BwNrqdBq4ZJ
Source: rutserv.exe, 00000009.00000003.1921331716.0000000001FFB000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2511488577.0000000001FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuN
Source: rutserv.exe, 00000009.00000002.2987878555.00000000066EB000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919101620.00000000066E8000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.00000000066EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/O
Source: rutserv.exe, 00000009.00000003.1919101620.0000000006708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/p
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0W
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2909220661.0000000002286000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001FD2000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006732000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: rutserv.exe, 00000009.00000002.2987513831.00000000066C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.coma
Source: rutserv.exe, 00000009.00000003.1919901189.0000000002036000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2704405939.0000000002026000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalG3CodeSigningECCSHA3842021CA1.crlhttp
Source: rutserv.exe, 00000009.00000002.2902670220.0000000001FFF000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1921331716.0000000001FFB000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2511488577.0000000001FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG3.crl
Source: rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://rmansys.ru/internet-id/
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.remoteutilities.net/upgrade.ini
Source: rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://update.remoteutilities.net/upgrade_beta.ini
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2102000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2987878555.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.00000000066FD000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2902670220.0000000001FBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.flexerasoftware.com0
Source: rfusclient.exe, 00000004.00000003.1728446387.00000000033EC000.00000004.00001000.00020000.00000000.sdmp, rfusclient.exe, 00000004.00000000.1714769466.0000000000E4E000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.000000000122A000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000002.2909594242.0000000002675000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: rutserv.exe, 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp, rutserv.exe, 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/index.php?src=app
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/index.php?src=app?src=app
Source: rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/index.php?src=appx.php?src=app0
Source: rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs
Source: rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/0
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/a0
Source: rutserv.exe, 00000009.00000002.2971300777.000000000503E000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/connecting-over-the-internet/
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/e
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/o0
Source: rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/rt/docs/
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/rt/docs/r
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/s0
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/support/docs/t0
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.php
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.php.
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.php...
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.php1
Source: rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpB
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpdo?
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpes.
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpet
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpities.com/tell-me-more.phpet
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpities.com/tell-me-more.phpum
Source: rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.remoteutilities.com/tell-me-more.phpken

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	File created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EC49180A59F0C351C30F112AD97CFA5_ED80F76A55EEDF047A88FD3F37D62FA3			Jump to dropped file
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	File created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_C5856A5EB1E3B74AE8014850A678CDBF			Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.0.rfusclient.exe.650000.0.unpack, type: UNPACKEDPE	Matched rule: RemoteUtilitiesRAT RAT payload Author: ditekSHen
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, type: DROPPED	Matched rule: RemoteUtilitiesRAT RAT payload Author: ditekSHen
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, type: DROPPED	Matched rule: RemoteUtilitiesRAT RAT payload Author: ditekSHen

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB1C300: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\49a7b6.msi

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIAB6F.tmp

Jump to behavior

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB31E00
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB15E2C
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB3CD68
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB3B070
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB24938
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB40634
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB1F8E8
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB2A45C
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB33364
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB2AEC4
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB2F0F0
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB320B0
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB51F60
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB48AFC
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB34A78
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB11AA4
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB21A54
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB559D8
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB32990
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB4F974
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB40634
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB38CD4
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB32C38
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB2BB3C
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB25B70
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB4C718
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB176C0
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB1A664
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB2C918
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB48880
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB14840
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB33844
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB1A2FC
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB1C300
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB352D0
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB17288
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB211CC
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB2B4E0
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB52430
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11019150
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11024160
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101F170
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11040170
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110311A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110171B0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020000
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103E000
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11005050
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E060
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023080
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110370E0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11022300
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11046340
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1107E360
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11024370
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018200
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032210
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11035210
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E250
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11027260
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11015270
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101A2A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110252B0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E9507
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11030510
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11019540
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11008560
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E858B
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023400
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E740B
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031410
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032410
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020420
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11019440
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101C440
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E440
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110364A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11045720
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11025730
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103E780
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110227B0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102E600
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032600
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E0610
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101C630
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102F630
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103D640
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103E640
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101F660
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104A680
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110196A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110176D0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103E900
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11026906
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101E910
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11007940
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E794F
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101B980
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110329B0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101A9C0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110339DD
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11005820
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018840
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102D840
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11081850
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101F860
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110238A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102A8A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110178C0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11013B10
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11030B10
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AB20
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11019B80
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101DB80
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11007B90
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103DBD0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101CBF0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11025A00
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AA2C
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11016A40
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102CA5F
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020A80
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11005AC0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11017AE0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11032AF0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11045AF0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031D60
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102CD70
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101CDC0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1101AC50
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11005C80
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11020C80
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11008C89
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031CA0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1102ACD0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1103FF10
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11018F60
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110DDF75
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11026FA9
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11007FC0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11031FC0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11034FE0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11023E00
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11022E80
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E7E93
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12011220
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12014290
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1201E2A0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12010BD0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1203E0A2
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1203B947
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1203BE8B
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12010E8B
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1201177E
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1203B403
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12002CC0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_120124C0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_120394ED
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12010D70
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12011578
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1203C583
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1200EDA0
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_00481183

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 11002490 appears 200 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 12031BA4 appears 39 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 1106FBE0 appears 40 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 11067450 appears 116 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 11063420 appears 31 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 12031898 appears 72 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 11088AF0 appears 48 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 12032150 appears 149 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 11001DC0 appears 145 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 11088E80 appears 50 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 110D46A0 appears 468 times
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: String function: 110DF348 appears 45 times

Source: rutserv.exe.2.dr	Static PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: rfusclient.exe.2.dr	Static PE information: Resource name: MAD type: DOS executable (COM, 0x8C-variant)
Source: rfusclient.exe.2.dr	Static PE information: Resource name: RT_RCDATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
Source: unires_vpd.dll.2.dr	Static PE information: Resource name: None type: COM executable for DOS
Source: unidrvui_rupd.dll0.2.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unires_vpd.dll0.2.dr	Static PE information: Resource name: None type: COM executable for DOS

Source: rutserv.exe.2.dr	Static PE information: Number of sections : 11 > 10
Source: rfusclient.exe.2.dr	Static PE information: Number of sections : 11 > 10

Source: unires_vpd.dll0.2.dr	Static PE information: No import functions for PE file found
Source: unires_vpd.dll.2.dr	Static PE information: No import functions for PE file found

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A211F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetAllUsers.dll< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameISRegSvr.dll vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2266000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_IsIcoRes.exe< vs 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: riched20.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: usp10.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: oledlg.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msftedit.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: idndl.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_is2022.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_g18030.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_iscii.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_is2022.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_g18030.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_iscii.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: firewallapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: fwbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_is2022.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_g18030.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_iscii.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_is2022.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_g18030.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_iscii.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: idndl.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msxml6.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_is2022.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_g18030.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: c_iscii.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: libeay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: ssleay32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: firewallapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: fwbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: oledlg.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msftedit.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: idndl.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msxml6.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: oledlg.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msftedit.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: idndl.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msxml6.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: textshaping.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: oledlg.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: shfolder.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wsock32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: faultrep.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbghelp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: dbgcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: winsta.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: olepro32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: security.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: msftedit.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: idndl.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Section loaded: profapi.dll

Source: 4.0.rfusclient.exe.650000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, type: DROPPED	Matched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, type: DROPPED	Matched rule: MALWARE_Win_RemoteUtilitiesRAT author = ditekSHen, description = RemoteUtilitiesRAT RAT payload, clamav_sig = MALWARE.Win.Trojan.RemoteUtilitiesRAT

Source: unires_vpd.dll0.2.dr	Static PE information: Section .rsrc
Source: unires_vpd.dll.2.dr	Static PE information: Section .rsrc

Source: classification engine

Classification label: mal100.troj.evad.winEXE@23/88@2/5

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB1B6E8 GetLastError,FormatMessageW,LocalFree,

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 5_2_1106C670 RAND_poll,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,RAND_add,FreeLibrary,GetVersion,OPENSSL_isservice,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,RAND_add,GetVersion,GetVersion,RAND_add,RAND_add,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,RAND_add,Heap32First,RAND_add,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,Process32First,RAND_add,GetTickCount,GetTickCount,GetTickCount,RAND_add,GetTickCount,GetTickCount,RAND_add,GetTickCount,FindCloseChangeNotification,FreeLibrary,GlobalMemoryStatus,RAND_add,GetCurrentProcessId,RAND_add,

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB38504 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 9_2_007F4CA4 StartServiceCtrlDispatcherW,

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 9_2_007F4CA4 StartServiceCtrlDispatcherW,

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Remote Utilities - Host

Jump to behavior

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1f70
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Mutant created: \BaseNamedObjects\HookTThread$1ec4
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\RManFUSTray
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: NULL
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1f84
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1dfc
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Mutant created: \BaseNamedObjects\madExceptSettingsMtx$1ec4
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1f84
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\RManFUSLocal
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$1f70
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1dd8
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Mutant created: \BaseNamedObjects\madExceptSettingsMtx$1f48
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1e5c
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1398
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$1db0

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4825296

Jump to behavior

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Virustotal: Detection: 28%

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

File read: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
Source: unknown	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Source: C:\Windows\System32\msiexec.exe

File written: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupd.ini

Jump to behavior

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Static file information: File size 20949417 > 1048576

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\libeay32.pdb source: rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\OpenSSL\Temp\openssl-1.0.2u-x32\out32dll\ssleay32.pdb@W source: rutserv.exe, 00000005.00000002.1777773566.000000001203F000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000000.1646535165.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000002.1667501100.00007FF6CDB58000.00000002.00000001.01000000.00000003.sdmp

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

Unpacked PE file: 4.2.rfusclient.exe.650000.0.unpack

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

File created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_4825296

Jump to behavior

Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: section name: .didat
Source: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Static PE information: section name: _RDATA
Source: vp8decoder.dll.2.dr	Static PE information: section name: .rodata
Source: vp8encoder.dll.2.dr	Static PE information: section name: .rodata
Source: webmvorbisdecoder.dll.2.dr	Static PE information: section name: _RDATA
Source: webmvorbisencoder.dll.2.dr	Static PE information: section name: _RDATA
Source: vccorlib120.dll.2.dr	Static PE information: section name: minATL
Source: rutserv.exe.2.dr	Static PE information: section name: .didata
Source: rfusclient.exe.2.dr	Static PE information: section name: .didata
Source: eventmsg.dll.2.dr	Static PE information: section name: .didata
Source: vccorlib120.dll0.2.dr	Static PE information: section name: minATL

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110DF38D push ecx; ret
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12035721 push ecx; ret
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CBF79 push 34007CC2h; retn 007Ch
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CC270 push 34007CC2h; retn 007Ch
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CCA5F pushfd ; retf 007Ch
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CC554 push 34007CC2h; retn 007Ch
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CC2B0 push 34007CC2h; retn 007Ch
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CCBA9 pushfd ; retf 007Ch
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 9_2_007CC2A0 push eax; ret

Source: msvcr120.dll.2.dr	Static PE information: section name: .text entropy: 6.95576372950548
Source: VPDAgent.exe.2.dr	Static PE information: section name: .text entropy: 6.812931691200469

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_settings_E3BFC76BE38F4CF79D2ED7163B7DECEE.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\libeay32.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\webmmux.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\vp8decoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\setupdrv.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrv_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\ssleay32.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_start_85DB64512C79429FA70AC6C0611579DD.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\ARPPRODUCTICON.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_stop_B603677802D142C98E7A415B72132E14.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdui.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrvui_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unires_vpd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisdecoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisencoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\eventmsg.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdpm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\vp8encoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\ARPPRODUCTICON.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_settings_E3BFC76BE38F4CF79D2ED7163B7DECEE.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_stop_B603677802D142C98E7A415B72132E14.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_start_85DB64512C79429FA70AC6C0611579DD.exe	Jump to dropped file

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

File created: C:\ProgramData\Remote Utilities\install.log

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Remote Utilities - Host\EULA.rtf

Jump to behavior

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 9_2_007F4CA4 StartServiceCtrlDispatcherW,

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: pdf.exe

Static PE information: 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Source: C:\Windows\System32\msiexec.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\Remote Utilities Host Installer Security

Jump to behavior

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: rutserv.exe, 00000005.00000000.1736259820.0000000000D41000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXEC
Source: rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXEE0
Source: rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXET
Source: rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXEW

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 5_2_11004DE0 rdtsc

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Window / User API: threadDelayed 5772
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Window / User API: threadDelayed 1371
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Window / User API: threadDelayed 5216
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Window / User API: threadDelayed 4281

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_settings_E3BFC76BE38F4CF79D2ED7163B7DECEE.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\webmmux.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\vp8decoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\setupdrv.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrv_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_start_85DB64512C79429FA70AC6C0611579DD.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\ARPPRODUCTICON.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\en_server_stop_B603677802D142C98E7A415B72132E14.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdui.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unidrvui_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\unires_vpd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}\UNINST_Uninstall_R_3B1E3C8B7D0945898DA82CEEED02F0C7.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisdecoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\webmvorbisencoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAB6F.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\eventmsg.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\rupdpm.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\vp8encoder.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe	Jump to dropped file

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

API coverage: 0.4 %

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 7952	Thread sleep count: 5772 > 30
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 7952	Thread sleep time: -5772000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8004	Thread sleep time: -50000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8032	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8076	Thread sleep time: -180000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8084	Thread sleep time: -35000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8088	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8044	Thread sleep count: 1371 > 30
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8092	Thread sleep time: -40000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 8188	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe TID: 7892	Thread sleep count: 38 > 30
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe TID: 7356	Thread sleep time: -2608000s >= -30000s
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe TID: 7356	Thread sleep time: -2140500s >= -30000s

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB240CC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB3B070 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB4FB80 FindFirstFileExA,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11004940 OPENSSL_DIR_read,_malloc,_memset,_malloc,FindFirstFileA,FindNextFileA,_strncpy,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110D9950 __getdrive,FindFirstFileA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB41584 VirtualQuery,GetSystemInfo,

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Thread delayed: delay time: 50000
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Thread delayed: delay time: 60000
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Thread delayed: delay time: 60000
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Thread delayed: delay time: 40000

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\wininet.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\winspool.drv
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\COMCTL32.dll
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	File opened: C:\Windows\SysWOW64\winmm.dll

Source: rutserv.exe, 00000009.00000003.1919101620.0000000006700000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2508934964.0000000006705000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.2705508739.0000000006705000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: rutserv.exe, 00000009.00000003.2513140485.0000000001F9A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: rfusclient.exe, 00000004.00000002.1733215838.00000000017D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 5_2_11004DE0 rdtsc

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB43050 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB50C00 GetProcessHeap,

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB43050 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB475B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB43234 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: 0_2_00007FF6CDB423F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110DC073 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110E5AA7 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110D4D22 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_12032EF0 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_120324E5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1203558C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB3B070 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,IsDlgButtonChecked,IsDlgButtonChecked,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetDlgItemTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,IsDlgButtonChecked,SendDlgItemMessageW,GetDlgItem,IsDlgButtonChecked,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,IsDlgButtonChecked,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall

Source: rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp

Binary or memory string: Shell_TrayWndTrayNotifyWndSV

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB2DBDC cpuid

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	Code function: GetLocaleInfoW,GetNumberFormatW,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: GetLocaleInfoA,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: GetLocaleInfoA,

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB40634 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

Code function: 5_2_110E0E32 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,

Source: C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Code function: 0_2_00007FF6CDB24EC0 GetVersionExW,

Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: rutserv.exe, 00000005.00000000.1736259820.0000000000D41000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000002.1774897369.0000000001858000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: rutserv.exe, 00000008.00000002.1914436857.0000000001EF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ollydbg.exe

Remote Access Functionality

Detected Remote Utilities RAT

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
Source: unknown	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters notification	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters Security	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters General	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters CallbackSettings	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters FUSClientPath	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters InternetId	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters Certificates	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\Host\Parameters CalendarRecordSettings	Jump to behavior
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe "C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe	Process created: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe "C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray

Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_11068160 BIO_get_accept_socket,BIO_sock_init,BUF_strdup,DSO_global_lookup,DSO_global_lookup,BIO_get_port,htons,BIO_get_host_ip,htonl,socket,setsockopt,bind,WSAGetLastError,htonl,socket,connect,closesocket,closesocket,socket,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,ERR_put_error,ERR_add_error_data,ERR_put_error,listen,WSAGetLastError,ERR_put_error,ERR_add_error_data,ERR_put_error,CRYPTO_free,closesocket,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E3A0 DSO_bind_var,ERR_put_error,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_1104E420 DSO_bind_func,ERR_put_error,ERR_put_error,ERR_put_error,
Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe	Code function: 5_2_110B9870 NCONF_get_string,ERR_clear_error,DSO_load,DSO_bind_func,DSO_bind_func,DSO_free,ERR_put_error,ERR_add_error_data,

Source: Yara match	File source: 4.0.rfusclient.exe.650000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rfusclient.exe PID: 7600, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rutserv.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rutserv.exe PID: 7876, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Service Execution	3 Windows Service	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	3 Windows Service	14 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	12 Process Injection	12 Software Packing	NTDS	56 System Information Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	251 Security Software Discovery	SSH	Keylogging	1 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	111 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	121 Masquerading	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	111 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe	28%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpdisp.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcp120.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\msvcr120.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdpm.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\rupdui.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\setupdrv.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrv_rupd.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unidrvui_rupd.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\unires_vpd.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x64\vccorlib120.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcp120.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll	0%	ReversingLabs
C:\Program Files (x86)\Remote Utilities - Host\Printer\x86\msvcr120.dll	0%	Virustotal	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.indyproject.org/	0%	URL Reputation	safe
http://www.indyproject.org/	0%	URL Reputation	safe
http://www.flexerasoftware.com0	0%	URL Reputation	safe
http://update.remoteutilities.net/upgrade_beta.ini	0%	Avira URL Cloud	safe
http://update.remoteutilities.net/upgrade.ini	0%	Virustotal		Browse
http://update.remoteutilities.net/upgrade.ini	0%	Avira URL Cloud	safe
http://madExcept.comU	0%	Avira URL Cloud	safe
http://update.remoteutilities.net/upgrade_beta.ini	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
id.remoteutilities.com	64.20.61.146	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
id72.remoteutilities.com	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG	rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp	false		high
https://www.remoteutilities.com/support/docs/e	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs/	rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.phpities.com/tell-me-more.phpet	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.openssl.org/V	rutserv.exe, 00000005.00000002.1777937977.0000000012053000.00000002.00000001.01000000.0000000C.sdmp, rutserv.exe, 00000005.00000002.1777313937.000000001114B000.00000002.00000001.01000000.0000000B.sdmp	false		high
https://www.remoteutilities.com/support/docs/s0	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
http://madExcept.comU	rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.remoteutilities.com/support/docs/o0	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs/rt/docs/r	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/envelope/	rfusclient.exe, 00000004.00000000.1714769466.0000000000651000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1849563793.000000007B8C0000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000003.1859762685.000000007CCF0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.phpet	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.indyproject.org/	rfusclient.exe, 00000004.00000003.1728446387.00000000033EC000.00000004.00001000.00020000.00000000.sdmp, rfusclient.exe, 00000004.00000000.1714769466.0000000000E4E000.00000020.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1736259820.000000000122A000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000002.2909594242.0000000002675000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
https://www.remoteutilities.com/support/docs/0	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.phpB	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.symauth.com/cps0(	3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	false		high
http://rmansys.ru/internet-id/	rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.php...	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.html	rutserv.exe, 00000005.00000002.1776824610.00000000110EA000.00000002.00000001.01000000.0000000B.sdmp	false		high
https://www.remoteutilities.com/index.php?src=app?src=app	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/index.php?src=appx.php?src=app0	rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	false		high
http://update.remoteutilities.net/upgrade.ini	rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.remoteutilities.com/tell-me-more.php1	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.php.	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.symauth.com/rpa00	3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/index.php?src=app	rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs/t0	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.phpes.	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs/connecting-over-the-internet/	rutserv.exe, 00000009.00000002.2971300777.000000000503E000.00000004.00001000.00020000.00000000.sdmp, rutserv.exe, 00000009.00000002.2971300777.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs/rt/docs/	rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.php	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://update.remoteutilities.net/upgrade_beta.ini	rutserv.exe, 00000005.00000000.1736259820.0000000000341000.00000020.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1869888513.000000007E7E0000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.remoteutilities.com/tell-me-more.phpdo?	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.phpken	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.flexerasoftware.com0	3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A21A0000.00000004.00000020.00020000.00000000.sdmp, 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe, 00000000.00000003.1657719455.000001A6A2162000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.inkscape.org/namespaces/inkscape	rfusclient.exe, 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, rutserv.exe, 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, rutserv.exe, 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs/a0	rutserv.exe, 00000009.00000002.2977873306.0000000005720000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/support/docs	rutserv.exe, 00000009.00000002.2909594242.000000000269A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.remoteutilities.com/tell-me-more.phpities.com/tell-me-more.phpum	rutserv.exe, 00000009.00000002.2909594242.00000000026C8000.00000004.00001000.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.105.132.70	unknown	Russian Federation	42031	PLUSTELECOM-ASRU	false
64.20.61.146	id.remoteutilities.com	United States	19318	IS-AS-1US	false
185.70.104.90	unknown	Russian Federation	49335	NCONNECT-ASRU	false
66.23.226.254	unknown	United States	19318	IS-AS-1US	false
101.99.94.54	unknown	Malaysia	45839	SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	true

General Information

Joe Sandbox version:	39.0.0 Ruby
Analysis ID:	1385428
Start date and time:	2024-02-02 09:36:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 53s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe renamed because original name is a hash value
Original Sample Name:	3_.pdf.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@23/88@2/5
EGA Information:	Successful, ratio: 83.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 192.229.211.108
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:37:16	API Interceptor	466522x Sleep call for process: rutserv.exe modified
09:37:24	API Interceptor	105497x Sleep call for process: rfusclient.exe modified

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	32359
Entropy (8bit):	5.221077217292647
Encrypted:	false
SSDEEP:	768:fltototxA6rSrBjp1kyUXGiM01HuECIQcQpeQn6mPaUaqBt6M+pG57:YGsBjpKyUXGeHuECIQcQkQ6mPaUaqBtD
MD5:	68206233254021EE853F27ADA734D571
SHA1:	E39BBFE2F243F5DA81FF44D7F3F7F4304635A8D6
SHA-256:	70B973BF6109792A708B02D6EE011540F39C6EE73B4C7E2FBA20B23E9D4D8E7D
SHA-512:	4E6FAD6664F3D6FC8DF295BE51C5D07286EBF591AA849E57C39D781879F7D4C4EC111FB727DA2BABCD2D21B2E9E6ED286D2D08D1C350263E37E6BF0434468E9F
Malicious:	false
Preview:	...@IXOS.@.....@.LBX.@.....@.....@.....@.....@.....@......&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}..Remote Utilities - Host..Exel.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{BFB6CB81-8A2D-41FC-A737-5CF8EB370093}.....@.....@.....@.....@.......@.....@.....@.......@......Remote Utilities - Host......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}.@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}.@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}&.{00000000-0000-0000-0000-000000000000}.@......&.{3244CDE6-6414-4399-B0D5-424562747210}&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}.@......&.{197F692B-7CCA-4D79-85A5-ED04202D08D0}&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}.@......&.{E79AC184-AD38-4B26-89D0-75B7CEA19FA2}&.{3FF12DDA-38DA-466F-B4E3-6775ACEF5538}.@......&.{BDFF180E-29DE-4951-A6

Process:	C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Remote Utilities - Host 7.2 installation package, Comments: This installer contains the logic and data to install Remote Utilities - Host 7.2, Keywords: Installer,MSI,Database, Subject: Remote Utilities - Host 7.2, Author: Remote Utilities Pty (Cy) Ltd., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2021 - Premier Edition with Virtualization Pack 27, Last Saved Time/Date: Wed Oct 25 17:17:52 2023, Create Time/Date: Wed Oct 25 17:17:52 2023, Last Printed: Wed Oct 25 17:17:52 2023, Revision Number: {BFB6CB81-8A2D-41FC-A737-5CF8EB370093}, Code page: 1252, Template: Intel;1033
Category:	dropped
Size (bytes):	22656000
Entropy (8bit):	7.906722436026202
Encrypted:	false
SSDEEP:	393216:WL2lXkXWYidpIsMLU9zQR5bFvt8uy+zZKKRa8n2o8lQKai847ZxNwb:WLY6G3Mgxmvtry+zxk8wTxNO
MD5:	DBC84F3FE9ECE7369D0FA36E34CE4844
SHA1:	37412165A73BCD574D7F2F34147F2A530FEB7936
SHA-256:	3E88E8A58C47562ED0FC4302BC22247C6D5282757CC18C316757475176FF48C1
SHA-512:	F0969CFB4B23050779391C852961E71A93C8CB1ED7378585FB573A15510D289F942286B7D302D9E352DC77CBE5A539307DC3EA923EC4A06895E072E36B815111
Malicious:	true
Preview:	......................>...................Z...............8........6..................}.................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...).........+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5...6..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...@...M...:...;...=...........?.......A...B...C...D...E...F...G...H...I...J...O...L...N...........P...Q...R...U...........V...Z...X...Y.......[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.99798080331911
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
File size:	20'949'417 bytes
MD5:	075d6c122274cb9226521d3cd298f2f2
SHA1:	6f54d70f39fa28596ef90bfcb0c14278b016db1b
SHA256:	92192af947017c20ad861faf4459fb705e63f7083b34c77c1727891b88091573
SHA512:	c89f25e451ae095635bee4df25cbf7bb8431d87017ae65898471b346ee3b2a8694b5a45aa00e4dc54881905643c62843216d402e10faadd195e10922a29573be
SSDEEP:	393216:9Vz6+gdQzi/Ew1x1vXYQBEPDdasNaAzEFuEaP3CxMk50pRZfQCy0lifWA5J8EOx:LHSvI+EPDdXNaHaP4Mk50hfh/ieA5nOx
TLSH:	14273306D79D18FCC8A9E67D985B4C47E633784D2211A48F176949A22F83334ED3F72A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\

Entrypoint:	0x140032dc0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6579B995 [Wed Dec 13 14:03:01 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	b1c5b1beabd90d9fdabd1df0779ea832

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x597c0	0x34	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x597f4	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x70000	0x1e324	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x6a000	0x306c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8f000	0x970	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x536c0	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x53780	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4b3f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x48000	0x508	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x588dc	0x120	.rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4664e	0x46800	cb5fa3169f581ba82faed363ff4f6e49	False	0.5365483710106383	data	6.468535106678591	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x48000	0x128e4	0x12a00	919da1ea112d11a732dbc754aee3741b	False	0.44967753775167785	data	5.272430005055125	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5b000	0xe75c	0x1a00	17e6aee7483d05299c67ef1c20548699	False	0.28260216346153844	data	3.2575802848760493	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x6a000	0x306c	0x3200	bb12e72c2a1957150354ef39796c9470	False	0.485625	data	5.507547185354104	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didat	0x6e000	0x360	0x400	ced4b34f6105bed5c533724cbd855e33	False	0.2568359375	data	3.0248828943464656	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
_RDATA	0x6f000	0x15c	0x200	c67570d55af77c6d3a435fe95a2589ac	False	0.40625	data	3.3215020267482327	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x70000	0x1e324	0x1e400	89bca75165439faf93b747f75742c27d	False	0.938646048553719	data	7.896782666673534	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8f000	0x970	0xa00	77a9ddfc47a5650d6eebbcc823e39532	False	0.52421875	data	5.336289720085303	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	ZLIB Complexity
PNG	0x70524	0x13154	PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced	0.9947162376541631
RT_ICON	0x83678	0x858e	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9985668324071366
RT_DIALOG	0x8bc08	0x2ba	data	0.5286532951289399
RT_DIALOG	0x8bec4	0x13a	data	0.6560509554140127
RT_DIALOG	0x8c000	0xf2	data	0.71900826446281
RT_DIALOG	0x8c0f4	0x14a	data	0.6
RT_DIALOG	0x8c240	0x314	data	0.47588832487309646
RT_DIALOG	0x8c554	0x24a	data	0.6279863481228669
RT_STRING	0x8c7a0	0x1fc	data	0.421259842519685
RT_STRING	0x8c99c	0x246	data	0.41924398625429554
RT_STRING	0x8cbe4	0x1a6	data	0.514218009478673
RT_STRING	0x8cd8c	0xdc	data	0.65
RT_STRING	0x8ce68	0x470	data	0.3873239436619718
RT_STRING	0x8d2d8	0x164	data	0.5056179775280899
RT_STRING	0x8d43c	0x110	data	0.5772058823529411
RT_STRING	0x8d54c	0x158	data	0.4563953488372093
RT_STRING	0x8d6a4	0xe8	data	0.5948275862068966
RT_STRING	0x8d78c	0x1c6	data	0.5242290748898678
RT_STRING	0x8d954	0x268	data	0.4837662337662338
RT_GROUP_ICON	0x8dbbc	0x14	data	1.05
RT_MANIFEST	0x8dbd0	0x753	XML 1.0 document, ASCII text, with CRLF line terminators	0.39786666666666665

DLL	Import
KERNEL32.dll	LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll	SysAllocString, SysFreeString, VariantClear
gdiplus.dll	GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 2, 2024 09:37:22.025059938 CET	49734	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:22.028461933 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:22.041404009 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:22.042712927 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:22.042725086 CET	49738	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:22.051462889 CET	49739	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:22.247539043 CET	5651	49735	101.99.94.54	192.168.2.4
Feb 2, 2024 09:37:22.247647047 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:22.260546923 CET	465	49736	101.99.94.54	192.168.2.4
Feb 2, 2024 09:37:22.260616064 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:22.263031006 CET	80	49737	101.99.94.54	192.168.2.4
Feb 2, 2024 09:37:22.263729095 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:23.027426004 CET	49734	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:23.027559042 CET	49738	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:23.121231079 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:23.121229887 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:23.230521917 CET	49739	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:23.230535984 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:23.714910984 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:23.715123892 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:23.933636904 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:25.105581999 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:25.105581045 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:25.105592012 CET	49734	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:25.105974913 CET	49738	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:25.230550051 CET	49739	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:25.418035030 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:27.368830919 CET	49741	5655	192.168.2.4	64.20.61.146
Feb 2, 2024 09:37:27.489749908 CET	5655	49741	64.20.61.146	192.168.2.4
Feb 2, 2024 09:37:27.489840984 CET	49741	5655	192.168.2.4	64.20.61.146
Feb 2, 2024 09:37:27.490696907 CET	49741	5655	192.168.2.4	64.20.61.146
Feb 2, 2024 09:37:27.490799904 CET	49741	5655	192.168.2.4	64.20.61.146
Feb 2, 2024 09:37:27.611716986 CET	5655	49741	64.20.61.146	192.168.2.4
Feb 2, 2024 09:37:27.683662891 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:27.699285030 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:28.152405977 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:29.105572939 CET	49734	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:29.105745077 CET	49738	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:29.230571985 CET	49739	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:32.840043068 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:32.886811972 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:33.621156931 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:35.988476992 CET	49742	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:35.988694906 CET	49743	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:35.999866962 CET	49744	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:36.018121958 CET	49745	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:36.114202023 CET	49747	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:36.114248037 CET	49746	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:36.996181965 CET	49742	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:36.997667074 CET	49743	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:37.011818886 CET	49744	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:37.027415991 CET	49745	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:37.121166945 CET	49746	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:37.121167898 CET	49747	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:37.532773972 CET	49748	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:37.533879995 CET	49749	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:37.534821033 CET	49750	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:37.621692896 CET	5655	49741	64.20.61.146	192.168.2.4
Feb 2, 2024 09:37:37.621757030 CET	49741	5655	192.168.2.4	64.20.61.146
Feb 2, 2024 09:37:37.753740072 CET	5651	49748	101.99.94.54	192.168.2.4
Feb 2, 2024 09:37:37.753849030 CET	49748	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:37.755201101 CET	465	49750	101.99.94.54	192.168.2.4
Feb 2, 2024 09:37:37.755371094 CET	49750	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:37.755496979 CET	80	49749	101.99.94.54	192.168.2.4
Feb 2, 2024 09:37:37.755561113 CET	49749	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.418041945 CET	49748	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.418060064 CET	49749	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.418364048 CET	49750	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.949394941 CET	49750	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.949395895 CET	49748	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.949398041 CET	49749	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:38.996162891 CET	49742	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:38.996314049 CET	49743	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:39.011812925 CET	49744	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:39.043061972 CET	49745	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:39.121176958 CET	49747	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:39.136789083 CET	49746	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:40.261966944 CET	49750	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:40.261971951 CET	49749	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:40.277654886 CET	49748	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:42.871217966 CET	49749	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:42.873662949 CET	49750	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:42.933794022 CET	49748	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:42.996592999 CET	49742	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:42.997653008 CET	49743	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:43.027424097 CET	49744	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:43.043051958 CET	49745	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:43.121186972 CET	49747	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:43.136895895 CET	49735	5651	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:43.136895895 CET	49746	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:43.246273041 CET	49737	80	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:43.796216965 CET	49751	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:43.875823975 CET	49752	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:44.558669090 CET	49736	465	192.168.2.4	101.99.94.54
Feb 2, 2024 09:37:44.796236038 CET	49751	80	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:44.886828899 CET	49752	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:46.063117981 CET	49753	5651	192.168.2.4	185.70.104.90
Feb 2, 2024 09:37:46.076226950 CET	49754	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:46.173964024 CET	49755	5651	192.168.2.4	77.105.132.70
Feb 2, 2024 09:37:46.191998959 CET	49756	80	192.168.2.4	77.105.132.70

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 2, 2024 09:37:27.247483015 CET	65129	53	192.168.2.4	1.1.1.1
Feb 2, 2024 09:37:27.366250038 CET	53	65129	1.1.1.1	192.168.2.4
Feb 2, 2024 09:38:26.122497082 CET	50422	53	192.168.2.4	1.1.1.1
Feb 2, 2024 09:38:26.240483046 CET	53	50422	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 2, 2024 09:37:17.167222023 CET	1.1.1.1	192.168.2.4	0x989a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2024 09:37:17.167222023 CET	1.1.1.1	192.168.2.4	0x989a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Feb 2, 2024 09:37:27.366250038 CET	1.1.1.1	192.168.2.4	0x5fc8	No error (0)	id72.remoteutilities.com	id.remoteutilities.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2024 09:37:27.366250038 CET	1.1.1.1	192.168.2.4	0x5fc8	No error (0)	id.remoteutilities.com		64.20.61.146	A (IP address)	IN (0x0001)	false
Feb 2, 2024 09:38:26.240483046 CET	1.1.1.1	192.168.2.4	0x5fe1	No error (0)	id72.remoteutilities.com	id.remoteutilities.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 2, 2024 09:38:26.240483046 CET	1.1.1.1	192.168.2.4	0x5fe1	No error (0)	id.remoteutilities.com		64.20.61.146	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	09:36:56
Start date:	02/02/2024
Path:	C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe
Imagebase:	0x7ff6cdb10000
File size:	20'949'417 bytes
MD5 hash:	075D6C122274CB9226521D3CD298F2F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	09:36:58
Start date:	02/02/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i Exel.msi /qn
Imagebase:	0x7ff6043c0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	09:36:59
Start date:	02/02/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 494BECA00E3009394CA5F2713F238EA9
Imagebase:	0xf30000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	4
Start time:	09:37:03
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" -msi_copy "C:\Users\user\AppData\Local\Temp\Exel.msi
Imagebase:	0x650000
File size:	10'931'000 bytes
MD5 hash:	6AAE165F3B1575DB887A0370CFC80083
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000004.00000000.1716230830.0000000001091000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Author: Joe Security Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe, Author: ditekSHen
Reputation:	low
Has exited:	true

Target ID:	5
Start time:	09:37:05
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /silentinstall
Imagebase:	0x340000
File size:	21'148'984 bytes
MD5 hash:	652C2A693B333504A3879460D0AF7224
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000005.00000000.1747218595.0000000001803000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000005.00000000.1747218595.0000000001739000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Author: Joe Security Rule: MALWARE_Win_RemoteUtilitiesRAT, Description: RemoteUtilitiesRAT RAT payload, Source: C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe, Author: ditekSHen
Reputation:	low
Has exited:	true

Target ID:	6
Start time:	09:37:09
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /firewall
Imagebase:	0x340000
File size:	21'148'984 bytes
MD5 hash:	652C2A693B333504A3879460D0AF7224
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	8
Start time:	09:37:14
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" /start
Imagebase:	0x7ff6ec4b0000
File size:	21'148'984 bytes
MD5 hash:	652C2A693B333504A3879460D0AF7224
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	9
Start time:	09:37:15
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -service
Imagebase:	0x340000
File size:	21'148'984 bytes
MD5 hash:	652C2A693B333504A3879460D0AF7224
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_RMSRemoteAdmin, Description: Yara detected RMS RemoteAdmin tool, Source: 00000009.00000003.1896822360.000000000890F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Target ID:	10
Start time:	09:37:20
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe" -firewall
Imagebase:	0x340000
File size:	21'148'984 bytes
MD5 hash:	652C2A693B333504A3879460D0AF7224
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Target ID:	11
Start time:	09:37:21
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Wow64 process (32bit):	true
Commandline:	C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Imagebase:	0x650000
File size:	10'931'000 bytes
MD5 hash:	6AAE165F3B1575DB887A0370CFC80083
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\49a7b8.rbs

C:\Program Files (x86)\Remote Utilities - Host\EULA.rtf

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\MessageBox.exe

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\VPDAgent.exe

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\emf2pdf.dll

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\fwproc.exe

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\pdfout.dll

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\printer.ico

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\progressbar.exe

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\properties.exe

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\rupd.lng

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\srvinst.exe

C:\Program Files (x86)\Remote Utilities - Host\Printer\common\vpd_sdk.dll

Windows Analysis Report
3_#U0420#U0430#U0445#U0443#U043d#U043e#U043a.pdf.exe

Target ID:	15
Start time:	09:37:29
Start date:	02/02/2024
Path:	C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe" /tray
Imagebase:	0x650000
File size:	10'931'000 bytes
MD5 hash:	6AAE165F3B1575DB887A0370CFC80083
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre