Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
rufus-4.5p.exe

Overview

General Information

Sample name:rufus-4.5p.exe
Analysis ID:1514140
MD5:129e5bbf63d8299d027186eafe92754a
SHA1:c50bd94af6af186edc536ec6ff83bdd233586618
SHA256:c6e6cdba209f899e5087f1a1a4babc759414b4a687b60ba4bce62b6b37e8e82b
Infos:

Detection

Score:36
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Changes autostart functionality of drives
Modifies Group Policy settings
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates files inside the system directory
Enables debug privileges
Enables driver privileges
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • rufus-4.5p.exe (PID: 6832 cmdline: "C:\Users\user\Desktop\rufus-4.5p.exe" MD5: 129E5BBF63D8299D027186EAFE92754A)
  • vdsldr.exe (PID: 6984 cmdline: C:\Windows\System32\vdsldr.exe -Embedding MD5: 472A05A6ADC167E9E5D2328AD98E3067)
    • conhost.exe (PID: 280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • vds.exe (PID: 7056 cmdline: C:\Windows\System32\vds.exe MD5: 0781CE7ECCD9F6318BA72CD96B5B8992)
  • vds.exe (PID: 5980 cmdline: C:\Windows\System32\vds.exe MD5: 0781CE7ECCD9F6318BA72CD96B5B8992)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Compliance
  • Spreading
  • Networking
  • System Summary
  • Data Obfuscation
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • HIPS / PFW / Operating System Protection Evasion
  • Language, Device and Operating System Detection
  • Lowering of HIPS / PFW / Operating System Security Settings

Click to jump to signature section

Show All Signature Results
Source: rufus-4.5p.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: rufus-4.5p.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: Warning: Could not read file pointer %sCould not set file pointer - AbortingWarning: Possible short writeWrote %d bytes but requested %dWrite error %sRetrying in %d seconds...NtdllNtCreateFileRtlDosPathNameToNtPathNameWRtlFreeHeapRtlSetLastWin32ErrorAndNtStatusFromNtStatusDbgHelpSymInitializeSymLoadModuleExSymUnloadModule64SymEnumSymbolsSymCleanup.pdbCould not find debug info in '%s'%s@%s%x:%sSOFTWAREAkeo Consulting\Rufus%s\%shttp://msdl.microsoft.com/download/symbols/%s/%s%x/%sMicrosoft-Symbol-Server/10.0.22621.755Could not initialize DLL symbol handlerbase_address == DEFAULT_BASE_ADDRESS*!*%dregistry.hstrchr(key_name, '\\') == NULLSOFTWARE\Akeo Consulting\Rufus source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmp

Spreading

barindex
Source: C:\Users\user\Desktop\rufus-4.5p.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{8DADF20E-F6E1-4E88-A16C-87704B2715A1}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutorunJump to behavior
Source: rufus-4.5p.exeBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619E8D000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619E8D000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Check the device for bad blocks using a test patternUncheck this box to use the "slow" format methodMethod that will be used to make the drive bootableClick to select or download an image...Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)Install a UEFI bootloader, that will perform MD5Sum file validation of the mediaCreate an extra hidden partition and try to align partitions boundaries.
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Ignoring 'autorun.inf' label for drive %c: No media
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Using 'autorun.inf' label for drive %c: '%s'
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Unable to load '%S.dll': %sNtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %lu vs. %zu)\\.\%c:Warning: Time-out while trying to query drive %cFailed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELlabelIgnoring 'autorun.inf' label for drive %c: No mediaUsing 'autorun.inf' label for drive %c: '%s'%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not get layout for drive 0x%02x: %s(Unrecognized)UDFISO9660APFSHFS/HFS+extext2ext3ext4CD001NXSBBEA01exFATNTFSReFSFATFAT12FAT16FAT32Could not unmount drive: %sCould not mount %s as %c:%s was successfully mounted as %c:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: %sautorun.inf
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ?iconicon.cicondir != NULL && icondir->idCount <= 64Unable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Short write detectedError allocating file name%s%s/%s%s/syslinux-%s/%sRufus Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://bit.ly/40qDtyF.
Source: rufus-4.5p.exe, 00000000.00000002.3049518518.000001C5B3BD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.5p.exe, 00000000.00000002.3049518518.000001C5B3BD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)<3
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacionalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: m souboru autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: e un fichier autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: hoz (egy autorun.inf f
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: un file autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: (autorun.inf
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: (sukuria autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: ier autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: uje autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: boru autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: o autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacionalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: m souboru autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: Ruf6434.tmp.0.drBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: Ruf6434.tmp.0.drBinary or memory string: e un fichier autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: hoz (egy autorun.inf f
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: un file autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: autorun.inf
Source: Ruf6434.tmp.0.drBinary or memory string: (autorun.inf
Source: Ruf6434.tmp.0.drBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: (sukuria autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: autorun.inf"
Source: Ruf6434.tmp.0.drBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: ier autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: uje autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: boru autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: Ruf6434.tmp.0.drBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: Ruf6434.tmp.0.drBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: Ruf6434.tmp.0.drBinary or memory string: autorun.inf
Source: Ruf6434.tmp.0.drBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: Ruf6434.tmp.0.drBinary or memory string: o autorun.inf)"
Source: Joe Sandbox ViewIP Address: 185.199.108.133 185.199.108.133
Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox ViewIP Address: 185.199.109.153 185.199.109.153
Source: Joe Sandbox ViewIP Address: 185.199.109.153 185.199.109.153
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /Fido.ver HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/0.0.0 (Windows NT 10.0)Host: rufus.ie
Source: global trafficHTTP traffic detected: GET /pbatard/Fido/releases/download/v1.58/Fido.ps1.lzma HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: github.com
Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/165325376/d3a1af7d-a08b-48d6-b9f2-2e91db7c6081?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240919%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240919T193909Z&X-Amz-Expires=300&X-Amz-Signature=62eb0856a00e5224e8a6c7249cda7af418181a0f86068dce0af18b66de0a34b5&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DFido.ps1.lzma&response-content-type=application%2Foctet-stream HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /Rufus_win_x64_10.0.ver HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: rufus.ie
Source: global trafficHTTP traffic detected: GET /Rufus_win_x64_10.ver HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: rufus.ie
Source: global trafficHTTP traffic detected: GET /Rufus_win_x64.ver HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: rufus.ie
Source: global trafficHTTP traffic detected: GET /Rufus_win.ver HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: rufus.ie
Source: global trafficHTTP traffic detected: GET //Rufus_win.ver.sig HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Rufus/4.5.2180 (Windows NT 10.0)Host: rufus.ie
Source: global trafficDNS traffic detected: DNS query: rufus.ie
Source: global trafficDNS traffic detected: DNS query: github.com
Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 9379Server: GitHub.comContent-Type: text/html; charset=utf-8Access-Control-Allow-Origin: *ETag: "64d39a40-24a3"Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'x-proxy-cache: MISSX-GitHub-Request-Id: 8D7D:16DD:518E463:5931C63:66EC7E2DAccept-Ranges: bytesAge: 0Date: Thu, 19 Sep 2024 19:40:31 GMTVia: 1.1 varnishX-Served-By: cache-nyc-kteb1890049-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1726774832.845780,VS0,VE13Vary: Accept-EncodingX-Fastly-Request-ID: c8a20c61399d5c31abf3f5d5eca140ae6ff24eb1
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 9379Server: GitHub.comContent-Type: text/html; charset=utf-8Access-Control-Allow-Origin: *ETag: "64d39a40-24a3"Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'x-proxy-cache: MISSX-GitHub-Request-Id: 17DE:16DE:5D47EF9:66609CA:66EC7E2FAccept-Ranges: bytesAge: 0Date: Thu, 19 Sep 2024 19:40:32 GMTVia: 1.1 varnishX-Served-By: cache-nyc-kteb1890082-NYCX-Cache: MISSX-Cache-Hits: 0X-Timer: S1726774832.453654,VS0,VE14Vary: Accept-EncodingX-Fastly-Request-ID: d38a476400fe7d752f91e8e78a89bc5f2c73953a
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 9379Server: GitHub.comContent-Type: text/html; charset=utf-8Access-Control-Allow-Origin: *ETag: "64d39a40-24a3"Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'x-proxy-cache: MISSX-GitHub-Request-Id: 5042:1700:158FBAC:17ADFCD:66EC7E30Accept-Ranges: bytesAge: 0Date: Thu, 19 Sep 2024 19:40:33 GMTVia: 1.1 varnishX-Served-By: cache-ewr-kewr1740050-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1726774833.081423,VS0,VE13Vary: Accept-EncodingX-Fastly-Request-ID: 901ea70440598c68e645cb194710d87ae87dc804
Source: rufus-4.5p.exeString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: rufus-4.5p.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: rufus-4.5p.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: rufus-4.5p.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: rufus-4.5p.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://e2fsprogs.sourceforge.net/
Source: rufus-4.5p.exe, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://freedos.sourceforge.net/freecom
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://fsf.org/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drString found in binary or memory: http://halamix2.pl
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://ms-sys.sourceforge.net/
Source: rufus-4.5p.exeString found in binary or memory: http://ocsp.comodoca.com0
Source: rufus-4.5p.exeString found in binary or memory: http://ocsp.sectigo.com0
Source: rufus-4.5p.exeString found in binary or memory: http://ocsp.sectigo.com0$
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcb
Source: rufus-4.5p.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.symcbversal-r
Source: rufus-4.5p.exeString found in binary or memory: http://s.symcd.com06
Source: rufus-4.5p.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl
Source: rufus-4.5p.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rufus-4.5p.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://7-zip.org/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://7-zip.org/openNOTICE:
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://axialis.com/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://bit.ly/40qDtyF.
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.
Source: rufus-4.5p.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: rufus-4.5p.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: rufus-4.5p.exeString found in binary or memory: https://d.symcb.com/rpa0.
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drString found in binary or memory: https://github.com/Chocobo1
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drString found in binary or memory: https://github.com/SiderealArt
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/chenall/grub4dos
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drString found in binary or memory: https://github.com/cupofocha
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/kokke/tiny-regex-c
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/libtom/libtomcrypt
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A159000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A17F000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/AmiNtfsBug.
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/Fido
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56C6000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56CF000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AB5000.00000004.00000020.00020000.00000000.sdmp, Fido[1].ver.0.drString found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.58/Fido.ps1.lzma
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.58/Fido.ps1.lzmaI
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/bled
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pbatard/rufus/blob/m
Source: rufus-4.5p.exe, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619E93000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txt
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/rufus/issues
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56CF000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exe
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exedownload_url_x86
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exe
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exedownload_url_arm64
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exe
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exerelease_notes
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exe
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exedownload_url_arm
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#bsods-with-windows-to-go-drives-created-from-windows-10-18
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A08A000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/pbatard/uefi-ntfs.
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/t
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/u-boot/u-boot
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/weidai11/cryptopp/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://goo.gl/QTobxX.
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://goo.gl/QTobxX.;
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://kolibrios.org/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A159000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A17F000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://md5.akeo.ie
Source: rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/
Source: rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B89BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/165325376/d3a1af7d-a08b
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/rk
Source: rufus-4.5p.exeString found in binary or memory: https://rufus.ie
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A08A000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ie).
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie//Rufus_win.ver.sig
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie//Rufus_win.ver.sig1
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie//Rufus_win.ver.sig9
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ie/CheckForBetashttps://rufus.ieUsing
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AB1000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ie/Fido.ver
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Fido.verb
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win.ver
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win.verU
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win.verom/
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win.vers1
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win.verver
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win_x64.ver
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win_x64_10.0.ver
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win_x64_10.0.ver$
Source: rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B89BD000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B89BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win_x64_10.ver
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win_x64_10.verr
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/Rufus_win_x64_10.vert
Source: rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/co
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ie/files
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ie/filesGrub2%s
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rufus.ie/yl3
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ieRufusRunning
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://rufus.ieopen321Failed
Source: rufus-4.5p.exeString found in binary or memory: https://sectigo.com/CPS0
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://sourceforge.net/projects/smartmontools
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://svn.reactos.org/reactos/trunk
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://syslinux.org/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://systeminformer.sourceforge.io/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://tortoisegit.org/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://tortoisesvn.net/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A05E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://un.akeo.ie
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://winscp.net/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.busybox.net/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.codeguru.com/forum/showthread.php?p=1951973
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.freedos.org/
Source: rufus-4.5p.exeString found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.htmlD
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.gnu.org/software/fdisk
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.gnu.org/software/grub
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.gnu.org/software/libcdio
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.gnu.org/software/wget
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.gnupg.org/
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.reactos.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.153:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile created: C:\Windows\System32\GroupPolicy\gpt.iniJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile created: C:\Windows\System32\GroupPolicy\MachineJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile created: C:\Windows\System32\GroupPolicy\UserJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile created: C:\Windows\System32\GroupPolicy\Machine\Registry.polJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeProcess token adjusted: Load DriverJump to behavior
Source: rufus-4.5p.exeStatic PE information: Resource name: RT_RCDATA type: DOS executable (COM)
Source: rufus-4.5p.exe, 00000000.00000000.1803233345.00007FF61A194000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamerufus-4.5.exe, vs rufus-4.5p.exe
Source: rufus-4.5p.exe, 00000000.00000002.3050380862.00007FF61A194000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamerufus-4.5.exe, vs rufus-4.5p.exe
Source: rufus-4.5p.exeBinary or memory string: OriginalFilenamerufus-4.5.exe, vs rufus-4.5p.exe
Source: rufus-4.5p.exeStatic PE information: Section: UPX1 ZLIB complexity 0.9991962955660708
Source: classification engineClassification label: sus36.spre.evad.winEXE@5/8@3/3
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile created: C:\Users\user\Desktop\rufus.iniJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeMutant created: \Sessions\1\BaseNamedObjects\Global/Rufus
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:280:120:WilError_03
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile created: C:\Users\user\AppData\Local\Temp\Ruf6434.tmpJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile read: C:\Windows\System32\GroupPolicy\gpt.iniJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: rufus-4.5p.exeString found in binary or memory: :size Sets maximum size of line edit buffer (default:128) /MACROS Displays all DOSKey macros /OVERSTRIKE Overwrites new characters onto line when typing (default) /REINSTALL Installs a new copy of DOSKey macroname Specifie
Source: rufus-4.5p.exeString found in binary or memory: s the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. To use the FOR command in a batch program, specify %%%%variable instead of %%variable. For example: FOR %%f IN (---start
Source: unknownProcess created: C:\Users\user\Desktop\rufus-4.5p.exe "C:\Users\user\Desktop\rufus-4.5p.exe"
Source: unknownProcess created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -Embedding
Source: unknownProcess created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
Source: C:\Windows\System32\vdsldr.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: vds_ps.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: gpedit.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: activeds.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: dssec.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: dsuiext.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: ntdsapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: authz.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: vdsutil.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\vdsldr.exeSection loaded: vds_ps.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: osuninst.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: vdsutil.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: uexfat.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: ifsutil.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: uudf.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: untfs.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: ufat.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: fmifs.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: vds_ps.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: osuninst.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: vdsutil.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: uexfat.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: ifsutil.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: uudf.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: untfs.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: ufat.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: fmifs.dllJump to behavior
Source: C:\Windows\System32\vds.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0393303-90D4-4A97-AB71-E9B671EE2729}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile written: C:\Windows\System32\GroupPolicy\gpt.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\rufus-4.5p.exeWindow detected: Number of UI elements: 27
Source: C:\Users\user\Desktop\rufus-4.5p.exeWindow detected: Number of UI elements: 32
Source: rufus-4.5p.exeStatic PE information: certificate valid
Source: rufus-4.5p.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: rufus-4.5p.exeStatic file information: File size 1513032 > 1048576
Source: rufus-4.5p.exeStatic PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x164a00
Source: rufus-4.5p.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: Warning: Could not read file pointer %sCould not set file pointer - AbortingWarning: Possible short writeWrote %d bytes but requested %dWrite error %sRetrying in %d seconds...NtdllNtCreateFileRtlDosPathNameToNtPathNameWRtlFreeHeapRtlSetLastWin32ErrorAndNtStatusFromNtStatusDbgHelpSymInitializeSymLoadModuleExSymUnloadModule64SymEnumSymbolsSymCleanup.pdbCould not find debug info in '%s'%s@%s%x:%sSOFTWAREAkeo Consulting\Rufus%s\%shttp://msdl.microsoft.com/download/symbols/%s/%s%x/%sMicrosoft-Symbol-Server/10.0.22621.755Could not initialize DLL symbol handlerbase_address == DEFAULT_BASE_ADDRESS*!*%dregistry.hstrchr(key_name, '\\') == NULLSOFTWARE\Akeo Consulting\Rufus source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmp
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\Desktop\rufus-4.5p.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\rufus-4.5p.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: rufus-4.5p.exeBinary or memory string: VMware Virtual disk SCSI Disk Device' => Eliminated
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware__VMware_Virtual_S
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMware-Laufwerkserkennung"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "A detetar disco VMWare"
Source: Ruf6434.tmp.0.drBinary or memory string: w VMWare"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware Coredump Partition
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare-levyn havaitseminen"
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP|
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare-schijfdetectie"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Deteksi VMWare disk"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Hyper-V Server
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Detectare disc VMWare"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk detection"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMware lemez
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Processing Hub %d: Hub[%d] = '%s' Found ID[%03d]: %sUASPSTORSDIgnoreUsb%02dSOFTWAREAkeo Consulting\Rufus(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))(card_start > 0) && (card_start < ARRAYSIZE(genstor_name))Could not allocate Device ID listProcessing IDs belonging to '%s': %sSetupDiGetDeviceRegistryProperty (Enumerator Name) failed: %sUSBSTORProcessing '%s' device: Unsupported or disabled by policyArsenal_________Virtual_KernSafeVirtual_________Msft____Virtual_Disk____VMware__VMware_Virtual_SSCSI\Diskstrlen(scsi_card_name_copy) > 1 Hardware ID: '%s'SetupDiGetDeviceInstanceId failed: %s<N/A>Could not locate device node for '%s'Could not get children of '%s'NOTE: Matched instance from sibling for '%s' Matched with ID[%03d]: %s Matched with (GP) ID[%03d]: %s Matched with Hub[%d]: '%s'Could not get device instance handle for '%s': CR error %dCould not get port for '%s': CR error %dCould not open hub %s: %sCould not get node connection information for '%s': %sCould not get node connection information (V2) for device '%s': %sFound VHD device '%s'Found card reader device '%s'Found non-USB removable device '%s' => EliminatedIf you *REALLY* need, you can enable listing of this device with <Ctrl><Alt><F>Found non-USB removable device '%s'Found non-USB non-removable device '%s' => Eliminated????:????%04X:%04XIgnoring '%s' (%s), per user settingsFound %s%s%s device '%s' (%s) %sNOTE: This device is a USB 3.%c device operating at lower speed...A device was eliminated because it didn't report itself as a diskCould not open '%s': %sDevice eliminated because it appears to contain no mediaDevice eliminated because it is smaller than %sDevice eliminated because it contains a mounted partition that is set as non-removableDevice eliminated because it was detected as a Hard Drive (score %d > 0)If this device is not a Hard Drive, please e-mail the author of this applicationNOTE: You can enable the listing of Hard Drives under 'advanced drive properties'Device eliminated because it was detected as a card larger than %sTo use such a card, check 'List USB Hard Drives' under 'advanced drive properties'Device eliminated because it was detected as a Microsoft Dev DrivePortableBaseLayerDevice eliminated because it is a Windows Sandbox VHDDevice eliminated because listing of VHDs is disabled (Alt-G)Removing %c: from the list: This is the %s!%s [%s]Warning: Found more than %d drives - ignoring remaining ones...RTSUERCMIUCREUCRVUSBSTORETRONSTORASUSSTPTSCSIPCISTORRTSORJMCRJMCFRIMMPTSKRIMSPTSKRISDRIXDPTSKTI21SONYESD7SKESM7SKO2MDO2SDVIACRGLREADER_SD__SDHC__SDXC__MMC__MS__MSPro__xDPicture__O2Media_USBUSB 1.0USB 1.1USB 2.0USB 3.0USB 3.1
Source: Ruf6434.tmp.0.drBinary or memory string: tection de disque VMWare"
Source: rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e device 'VMware Virtual disk SCSI Disk Device' => Eliminated
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Server Datacenter without Hyper-V
Source: Ruf6434.tmp.0.drBinary or memory string: o de disco VMWare"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware Reserved Partition
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619E93000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware Virtual disk SCSI Disk Device' => Eliminated
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare detekce disk"
Source: Ruf6434.tmp.0.drBinary or memory string: vanie VMWare disku"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Zaznavanje diskov VMware"
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWare disk detection
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Server Datacenter without Hyper-V (Core)
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Server Enterprise without Hyper-V (Core)
Source: rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000R^
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Pengesanan cakera VMWare"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Server Enterprise without Hyper-V
Source: Ruf6434.tmp.0.drBinary or memory string: a VMWare"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk detektering"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Rilevamento disco VMWare"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare diskdetekteringen
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware VMKCORE
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Found non-USB removable device 'VMware Virtual disk SCSI Disk Device' => Eliminated
Source: Ruf6434.tmp.0.drBinary or memory string: n de discos VMWare"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware VMFS
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Unable to load '%S.dll': %srestoredsetSetLGP: CoCreateInstance failed; hr = %lxSetLGP: OpenLocalMachineGPO failed - error %lxSetLGP: GetRegistryKey failed - error %lxSetLGP: Failed to open LGPO path %s - error %lxSetLGP: Failed to read original %s policy value - error %lxSetLGP: RegSetValueEx / RegDeleteValue failed - error %lxSetLGP: Unable to apply %s policy - error %lxSetLGP: Successfully %s %s policy to 0x%08lXSetLGP: Successfully removed %s policy keySOFTWAREAkeo Consulting\Rufusstdfn.chtab->table == NULLCould not allocate space for hash table<NULL>htab->filled < htab->sizeCould not duplicate string for hash tableWldpWldpQueryWindowsLockdownModeUnable to locate %s() in '%s.dll': %sCould not detect S Mode: %sServer 2003VistaXP_64Server 2008Server 2008_R2Server 2012Server 2012_R2Server 10 (Preview 1)10Server 202212 or laterServer 2003_R211Server 2019Server 201610 (Preview 1)8.187XPx64x86arm64armunknownNT??Home BasicHome PremiumEnterpriseHome Basic NBusinessServer StandardServer DatacenterSmallbusiness ServerServer EnterpriseStarterServer Datacenter (Core)Server Standard (Core)Server Enterprise (Core)Business NWeb ServerHPC EditionStorage Server (Essentials)Home Premium NEnterprise NUltimate NHome ServerServer Standard without Hyper-VServer Datacenter without Hyper-VServer Enterprise without Hyper-VServer Datacenter without Hyper-V (Core)Server Standard without Hyper-V (Core)Server Enterprise without Hyper-V (Core)Hyper-V ServerStarter NProPro NServer Solutions PremiumServer Solutions Premium (Core)Server Hyper Core VStarter EHome Basic EPremium EPro EEnterprise EUltimate EEnterprise (Eval)Server Standard (Eval)Server Datacenter (Eval)Enterprise N (Eval)Thin PCEmbeddedHome NHome ChinaHome Single LanguageHomePro with Media CenterHome ConnectedPro StudentHome Connected NPro Student NHome Connected Single LanguageHome Connected ChinaEducationEducation NEnterprise LTSBEnterprise LTSB NPro SPro S NEnterprise LTSB (Eval)Enterprise LTSB N (Eval)Pro Single LanguagePro ChinaEnterprise SubscriptionEnterprise Subscription NServer Datacenter SA (Core)Server Standard SA (Core)Utility VMPro for WorkstationsPro for Workstations NPro for EducationPro for Education NEnterprise GEnterprise G NCloudCloud NHome OSCloud EIoT OSCloud E NIoT Edge OSIoT EnterpriseLiteIoT Enterprise SXBoxAzure Server(Unlicensed)Ultimate Kernel32IsWow64Process2Note: Underlying Windows architecture was guessed and may be incorrect...%s %u.%u %s%s SP%u.%u %s%s SP%u %s(Unknown Edition 0x%02X)%s%s%s %sSoftware\Microsoft\Windows NT\CurrentVersion\UBR (Build %lu.%lu) (Build %lu) in S Mode
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk alg
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Server Standard without Hyper-V
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: \\?\GLOBALROOTSuper Floppy DiskAndroid Boot PartitionAndroid Bootloader PartitionAndroid Cache PartitionAndroid Config PartitionAndroid Data PartitionAndroid Ext PartitionAndroid Factory PartitionAndroid Fastboot PartitionAndroid Metadata PartitionAndroid Misc PartitionAndroid OEM PartitionAndroid Persistent PartitionAndroid Recovery PartitionAndroid System PartitionAndroid Vendor PartitionApple APFS PartitionApple Boot PartitionApple Filevault PartitionApple HFS+ PartitionApple Label PartitionApple RAID Partition (Offline)Apple RAID PartitionApple RAID Cache PartitionApple RAID Scratch PartitionApple RAID Status PartitionApple RAID Volume PartitionApple Recovery PartitionApple UFS PartitionApple ZFS PartitionAtari Data PartitionBeOS BFS PartitionChrome OS Kernel PartitionChrome OS Reserved PartitionChrome OS Root PartitionCoreOS Raid PartitionCoreOS Reserved PartitionCoreOS Root PartitionCoreOS Usr PartitionFreeBSD Boot PartitionFreeBSD Data PartitionFreeBSD LVM PartitionFreeBSD Swap PartitionFreeBSD UFS PartitionFreeBSD ZFS PartitionBIOS Boot PartitionExtended Boot Loader PartitionEFI System PartitionMBR PartitionUnused PartitionHP-UX Data PartitionHP-UX Service PartitionIBM GPFS PartitionIntel Fast Flash PartitionLenovo Boot PartitionLinux Boot PartitionLinux Data PartitionLinux Encrypted PartitionLinux Home PartitionLinux LUKS PartitionLinux LVM PartitionLinux RAID PartitionLinux Reserved PartitionLinux Boot Partition (ARM)Linux Boot Partition (ARM64)Linux Boot Partition (x86-32)Linux Boot Partition (x86-64)Linux Srv PartitionLinux Swap PartitionMicrosoft Basic Data PartitionMicrosoft LDM Data PartitionMicrosoft LDM Metadata PartitionMicrosoft Recovery PartitionMicrosoft System Reserved PartitionMicrosoft Storage Spaces PartitionNetBSD Concatenated PartitionNetBSD Encrypted PartitionNetBSD FFS PartitionNetBSD LFS PartitionNetBSD RAID PartitionNetBSD Swap PartitionOpenBSD Data PartitionPlan 9 Data PartitionPReP Boot PartitionQNX Data PartitionSolaris Alternate Sector PartitionSolaris Backup PartitionSolaris Boot PartitionSolaris Home PartitionSolaris Reserved PartitionSolaris Root PartitionSolaris Swap PartitionSolaris Var PartitionSony Boot PartitionVeraCrypt Data PartitionVMware Coredump PartitionVMware Reserved PartitionVMware VMFS PartitionEmptyXENIX rootXENIX usrSmall FAT16ExtendedNTFS/exFAT/UDFAIXAIX BootableOS/2 Boot ManagerFAT32 LBAFAT16 LBAExtended LBAOPUSHidden FAT12Compaq DiagnosticsHidden Small FAT16Hidden FAT16Hidden NTFSAST SmartSleepHidden FAT32Hidden FAT32 LBAHidden FAT16 LBAWindows Mobile XIPSpeedStorNEC DOSWindows Mobile IMGFSHidden NTFS WinREPlan 9PMagic RecoveryVenix 80286PPC PReP BootSFSQNX4.xOnTrack DMCP/MEZ DriveGolden BowPriam EDiskGNU HURD/SysVNetwareDiskSecure MultiBootPC/IXNovellXOSLF.I.X.AODPSMinixGNU/Linux SwapGNU/LinuxWindows HibernationGNU/Linux ExtendedNTFS Volume SetGNU/Linux PlaintextFreeDOS Hidden FAT12GNU/Linux LVMFreeDOS Hidden FAT16FreeDOS Hidden ExtendedGNU/Linux HiddenCHRP ISO-9660FreeDOS Hidden FAT32BSD
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare-disk oppdagelse"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Server Standard without Hyper-V (Core)
Source: Ruf6434.tmp.0.drBinary or memory string: VMWare"
Source: Ruf6434.tmp.0.drBinary or memory string: VMWare
Source: rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWs\
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Otkrivanje VMware diska"
Source: Ruf6434.tmp.0.drBinary or memory string: enje VMWare diska"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "VMWare disko aptikimas"
Source: Ruf6434.tmp.0.drBinary or memory string: t MSG_265 "Noteikts VMWare disks"
Source: rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: VMware VMFS Partition
Source: C:\Users\user\Desktop\rufus-4.5p.exeProcess token adjusted: DebugJump to behavior
Source: rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager,3
Source: C:\Users\user\Desktop\rufus-4.5p.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Source: C:\Users\user\Desktop\rufus-4.5p.exeFile written: C:\Windows\System32\GroupPolicy\gpt.iniJump to behavior
Source: C:\Windows\System32\vdsldr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\vdsldr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure11
Replication Through Removable Media		1
Windows Management Instrumentation		1
LSASS Driver		2
Process Injection		11
Masquerading		OS Credential Dumping1
Query Registry		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		1
LSASS Driver		1
Disable or Modify Tools		LSASS Memory11
Security Software Discovery		Remote Desktop ProtocolData from Removable Media3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		2
Process Injection		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Obfuscated Files or Information		NTDS1
Peripheral Device Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Software Packing		LSA Secrets2
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials2
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1514140 Sample: rufus-4.5p.exe Startdate: 19/09/2024 Architecture: WINDOWS Score: 36 21 rufus.ie 2->21 23 objects.githubusercontent.com 2->23 25 github.com 2->25 6 rufus-4.5p.exe 1 27 2->6         started        11 vdsldr.exe 2->11         started        13 vds.exe 2->13         started        15 vds.exe 2->15         started        process3 dnsIp4 27 github.com 140.82.121.3, 443, 49735 GITHUBUS United States 6->27 29 objects.githubusercontent.com 185.199.108.133, 443, 49736 FASTLYUS Netherlands 6->29 31 rufus.ie 185.199.109.153, 443, 49734, 49743 FASTLYUS Netherlands 6->31 19 C:\Windows\System32behaviorgraphroupPolicy\gpt.ini, ASCII 6->19 dropped 33 Changes autostart functionality of drives 6->33 35 Modifies Group Policy settings 6->35 17 conhost.exe 11->17         started        file5 signatures6 process7

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
rufus-4.5p.exe0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
https://github.com/pbatard/Fido/releases/download/v1.58/Fido.ps1.lzma0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%URL Reputationsafe
https://kolibrios.org/0%Avira URL Cloudsafe
https://www.gnu.org/software/grub0%Avira URL Cloudsafe
https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs0%Avira URL Cloudsafe
https://github.com/t0%Avira URL Cloudsafe
https://github.com/cupofocha0%Avira URL Cloudsafe
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#0%Avira URL Cloudsafe
https://systeminformer.sourceforge.io/0%Avira URL Cloudsafe
https://bit.ly/40qDtyF.0%Avira URL Cloudsafe
https://tortoisesvn.net/0%Avira URL Cloudsafe
https://sectigo.com/CPS00%URL Reputationsafe
https://sourceforge.net/projects/smartmontools0%Avira URL Cloudsafe
https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e0%Avira URL Cloudsafe
https://github.com/weidai11/cryptopp/0%Avira URL Cloudsafe
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:0%Avira URL Cloudsafe
https://rufus.ieRufusRunning0%Avira URL Cloudsafe
https://rufus.ie/Fido.ver0%Avira URL Cloudsafe
https://www.gnupg.org/0%Avira URL Cloudsafe
https://www.reactos.org/0%Avira URL Cloudsafe
http://e2fsprogs.sourceforge.net/0%Avira URL Cloudsafe
http://s.symcbversal-r0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win.verom/0%Avira URL Cloudsafe
https://rufus.ie//Rufus_win.ver.sig10%Avira URL Cloudsafe
https://github.com/kokke/tiny-regex-c0%Avira URL Cloudsafe
https://rufus.ie/co0%Avira URL Cloudsafe
http://halamix2.pl0%Avira URL Cloudsafe
https://rufus.ie/files0%Avira URL Cloudsafe
https://www.freedos.org/0%Avira URL Cloudsafe
https://rufus.ie//Rufus_win.ver.sig90%Avira URL Cloudsafe
https://axialis.com/0%Avira URL Cloudsafe
https://rufus.ie//Rufus_win.ver.sig0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exerelease_notes0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txt0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exe0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exedownload_url_arm0%Avira URL Cloudsafe
https://syslinux.org/0%Avira URL Cloudsafe
http://ocsp.sectigo.com0$0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win_x64_10.ver0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win_x64_10.0.ver0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win.vers10%Avira URL Cloudsafe
https://objects.githubusercontent.com/github-production-release-asset-2e65be/165325376/d3a1af7d-a08b0%Avira URL Cloudsafe
https://github.com/u-boot/u-boot0%Avira URL Cloudsafe
http://freedos.sourceforge.net/freecom0%Avira URL Cloudsafe
https://rufus.ie/yl30%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exedownload_url_arm640%Avira URL Cloudsafe
https://github.com/libtom/libtomcrypt0%Avira URL Cloudsafe
https://goo.gl/QTobxX.0%Avira URL Cloudsafe
https://tortoisegit.org/0%Avira URL Cloudsafe
https://www.gnu.org/software/fdisk0%Avira URL Cloudsafe
https://md5.akeo.ie0%Avira URL Cloudsafe
https://svn.reactos.org/reactos/trunk0%Avira URL Cloudsafe
https://www.busybox.net/0%Avira URL Cloudsafe
https://winscp.net/0%Avira URL Cloudsafe
https://rufus.ie/filesGrub2%s0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exe0%Avira URL Cloudsafe
https://rufus.ie).0%Avira URL Cloudsafe
https://www.gnu.org/licenses/gpl-3.0.htmlD0%Avira URL Cloudsafe
https://rufus.ie/Fido.verb0%Avira URL Cloudsafe
https://github.com/pbatard/AmiNtfsBug.0%Avira URL Cloudsafe
https://github.com/0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/issues0%Avira URL Cloudsafe
http://ms-sys.sourceforge.net/0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win.ver0%Avira URL Cloudsafe
https://github.com/SiderealArt0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exe0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win.verver0%Avira URL Cloudsafe
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm0%Avira URL Cloudsafe
https://objects.githubusercontent.com/rk0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/blob/m0%Avira URL Cloudsafe
https://d.symcb.0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win.verU0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win_x64.ver0%Avira URL Cloudsafe
https://rufus.ieopen321Failed0%Avira URL Cloudsafe
https://rufus.ie0%Avira URL Cloudsafe
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl00%Avira URL Cloudsafe
https://rufus.ie/CheckForBetashttps://rufus.ieUsing0%Avira URL Cloudsafe
https://rufus.ie/0%Avira URL Cloudsafe
https://www.gnu.org/software/wget0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/wiki/FAQ#bsods-with-windows-to-go-drives-created-from-windows-10-180%Avira URL Cloudsafe
https://goo.gl/QTobxX.;0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win_x64_10.vert0%Avira URL Cloudsafe
http://s.symcb0%Avira URL Cloudsafe
https://7-zip.org/openNOTICE:0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exe0%Avira URL Cloudsafe
https://www.codeguru.com/forum/showthread.php?p=19519730%Avira URL Cloudsafe
https://github.com/pbatard/bled0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win_x64_10.verr0%Avira URL Cloudsafe
https://rufus.ie/Rufus_win_x64_10.0.ver$0%Avira URL Cloudsafe
https://objects.githubusercontent.com/0%Avira URL Cloudsafe
https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exedownload_url_x860%Avira URL Cloudsafe
https://github.com/pbatard/uefi-ntfs.0%Avira URL Cloudsafe
https://github.com/pbatard/Fido0%Avira URL Cloudsafe
https://un.akeo.ie0%Avira URL Cloudsafe
https://github.com/chenall/grub4dos0%Avira URL Cloudsafe
https://github.com/Chocobo10%Avira URL Cloudsafe
https://7-zip.org/0%Avira URL Cloudsafe
http://fsf.org/0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
github.com
140.82.121.3
truefalse
    		unknown
    rufus.ie
    		185.199.109.153
    		truefalse
      		unknown
      objects.githubusercontent.com
      		185.199.108.133
      		truefalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://github.com/pbatard/Fido/releases/download/v1.58/Fido.ps1.lzmafalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Fido.verfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie//Rufus_win.ver.sigfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win_x64_10.verfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win_x64_10.0.verfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win.verfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win_x64.verfalse
        • Avira URL Cloud: safe
        		unknown
        NameSourceMaliciousAntivirus DetectionReputation
        https://tortoisesvn.net/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/trufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.gnu.org/software/grubrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0rufus-4.5p.exefalse
        • URL Reputation: safe
        		unknown
        https://systeminformer.sourceforge.io/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#rufus-4.5p.exefalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/cupofocharufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://bit.ly/40qDtyF.rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://kolibrios.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifsrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://sourceforge.net/projects/smartmontoolsrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/weidai11/cryptopp/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://e2fsprogs.sourceforge.net/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.gnupg.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78erufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://s.symcbversal-rrufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.reactos.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ieRufusRunningrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win.verom/rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/kokke/tiny-regex-crufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://halamix2.plrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie//Rufus_win.ver.sig1rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/filesrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/corufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie//Rufus_win.ver.sig9rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://axialis.com/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.freedos.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txtrufus-4.5p.exe, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619E93000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exerelease_notesrufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://syslinux.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exerufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://ocsp.sectigo.com0$rufus-4.5p.exefalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exedownload_url_armrufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win.vers1rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://objects.githubusercontent.com/github-production-release-asset-2e65be/165325376/d3a1af7d-a08brufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B89BD000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/u-boot/u-bootrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/yl3rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exedownload_url_arm64rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://freedos.sourceforge.net/freecomrufus-4.5p.exe, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://goo.gl/QTobxX.rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/libtom/libtomcryptrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.gnu.org/software/fdiskrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://ocsp.sectigo.com0rufus-4.5p.exefalse
        • URL Reputation: safe
        		unknown
        https://md5.akeo.ierufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A159000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A17F000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://svn.reactos.org/reactos/trunkrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.busybox.net/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://tortoisegit.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://winscp.net/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#rufus-4.5p.exefalse
        • URL Reputation: safe
        		unknown
        https://rufus.ie/filesGrub2%srufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exerufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie).rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A08A000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Fido.verbrufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AB1000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.gnu.org/licenses/gpl-3.0.htmlDrufus-4.5p.exefalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/issuesrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://ms-sys.sourceforge.net/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/AmiNtfsBug.rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A159000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A17F000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/SiderealArtrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exerufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56CF000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win.ververrufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htmrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/blob/mrufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56C6000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://objects.githubusercontent.com/rkrufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win.verUrufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8975000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8978000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://d.symcb.rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ieopen321Failedrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0rufus-4.5p.exefalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/CheckForBetashttps://rufus.ieUsingrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B3AC3000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000003.2049014179.000001C5B8994000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmp, rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmp, rufus-4.5p.exe, 00000000.00000002.3049768240.000001C5B8994000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://sectigo.com/CPS0rufus-4.5p.exefalse
        • URL Reputation: safe
        		unknown
        https://rufus.ierufus-4.5p.exefalse
        • Avira URL Cloud: safe
        		unknown
        https://www.gnu.org/software/wgetrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/wiki/FAQ#bsods-with-windows-to-go-drives-created-from-windows-10-18rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://goo.gl/QTobxX.;rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://s.symcbrufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://7-zip.org/openNOTICE:rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/bledrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win_x64_10.vertrufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exerufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmp, Rufus_win[1].ver.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win_x64_10.verrrufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://rufus.ie/Rufus_win_x64_10.0.ver$rufus-4.5p.exe, 00000000.00000002.3049308580.000001C5B39F7000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://www.codeguru.com/forum/showthread.php?p=1951973rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exedownload_url_x86rufus-4.5p.exe, 00000000.00000002.3049572141.000001C5B56E5000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/uefi-ntfs.rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A08A000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://objects.githubusercontent.com/rufus-4.5p.exe, 00000000.00000003.2049102951.000001C5B3AC0000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/pbatard/Fidorufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/chenall/grub4dosrufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://github.com/Chocobo1rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619EAB000.00000040.00000001.01000000.00000003.sdmp, Ruf6434.tmp.0.drfalse
        • Avira URL Cloud: safe
        		unknown
        https://un.akeo.ierufus-4.5p.exe, 00000000.00000002.3049940510.00007FF61A05E000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://fsf.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        https://7-zip.org/rufus-4.5p.exe, 00000000.00000002.3049940510.00007FF619D81000.00000040.00000001.01000000.00000003.sdmpfalse
        • Avira URL Cloud: safe
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        185.199.108.133
        		objects.githubusercontent.comNetherlands
        		54113FASTLYUSfalse
        140.82.121.3
        		github.comUnited States
        		36459GITHUBUSfalse
        185.199.109.153
        		rufus.ieNetherlands
        		54113FASTLYUSfalse

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1514140
        Start date and time:2024-09-19 21:39:05 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 7s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:12
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:rufus-4.5p.exe
        Detection:SUS
        Classification:sus36.spre.evad.winEXE@5/8@3/3
        EGA Information:Failed
        HCA Information:Failed
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: rufus-4.5p.exe

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        185.199.108.133xmr_linux_amd64.elfGet hashmaliciousXmrigBrowse
          https://karankv02.github.io/netflix-clone/Get hashmaliciousHTMLPhisherBrowse
            SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousXWormBrowse
              SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                  https://ranjitkumarmehta1.github.io/netflix/Get hashmaliciousHTMLPhisherBrowse
                    https://ascendtransportationllc665121.invisionapp.com/freehand/-4bO4Ia3X6Get hashmaliciousHtmlDropperBrowse
                      https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkeyconserv.com%2Fskoda%2FWIA2PParYO43z1bgCVStAX12/ZHVjZXIua2FtZ2FuZ0BjbmVzc3QuZ291di5xYy5jYQ==Get hashmaliciousUnknownBrowse
                        https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bg%C2%ADloba%C2%ADlproc%C2%ADessi%C2%ADngne%C2%ADtwo%C2%ADrk.%E2%80%8Bne%C2%ADt%2Ffghd%2Fgfjfjfg%2FlZUdcjNeQOlJngwGts6Dr8m3/Y2hhZC5yYXNtdXNlbkB0aGVybW9zeXN0ZW1zLmNvbQ==Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                          file.exeGet hashmaliciousLummaCBrowse
                            140.82.121.36glRBXzk6i.exeGet hashmaliciousRedLineBrowse
                            • github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
                            firefox.lnkGet hashmaliciousCobaltStrikeBrowse
                            • github.com/john-xor/temp/blob/main/index.html?raw=true
                            0XzeMRyE1e.exeGet hashmaliciousAmadey, VidarBrowse
                            • github.com/neiqops/ajajaj/raw/main/file_22613.exe
                            MzRn1YNrbz.exeGet hashmaliciousVidarBrowse
                            • github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
                            RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                            • github.com/ssbb36/stv/raw/main/5.mp3
                            185.199.109.153http://mankey07.github.io/frontend-project-level-2Get hashmaliciousHTMLPhisherBrowse
                            • mankey07.github.io/frontend-project-level-2
                            http://thehrishabh.github.io/NETFLIX_CLONE.github.ioGet hashmaliciousHTMLPhisherBrowse
                            • thehrishabh.github.io/NETFLIX_CLONE.github.io
                            http://abhedanil.github.io/netflix/Get hashmaliciousHTMLPhisherBrowse
                            • abhedanil.github.io/netflix/
                            http://tasnimul1331.github.io/NetflixGet hashmaliciousHTMLPhisherBrowse
                            • tasnimul1331.github.io/Netflix
                            http://anikettiwari47.github.io/NetflixGet hashmaliciousHTMLPhisherBrowse
                            • anikettiwari47.github.io/Netflix
                            http://ravianl.github.io/Netflix_CloneGet hashmaliciousHTMLPhisherBrowse
                            • ravianl.github.io/Netflix_Clone
                            http://kardamrohit.github.io/netflix_cloneGet hashmaliciousHTMLPhisherBrowse
                            • kardamrohit.github.io/netflix_clone
                            http://l9sa.github.io/Get hashmaliciousUnknownBrowse
                            • l9sa.github.io/
                            http://strippie.github.io/netflix-homepage/Get hashmaliciousHTMLPhisherBrowse
                            • strippie.github.io/netflix-homepage/
                            http://code-web-dav.github.io/insta/Get hashmaliciousUnknownBrowse
                            • code-web-dav.github.io/insta/

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            github.comhttps://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                            • 140.82.121.4
                            VegaX.exeGet hashmaliciousUnknownBrowse
                            • 140.82.121.3
                            VegaX.exeGet hashmaliciousUnknownBrowse
                            • 140.82.121.3
                            xmr_linux_amd64.elfGet hashmaliciousXmrigBrowse
                            • 140.82.121.4
                            https://www.getcoloringpages.com/coloring/359Get hashmaliciousUnknownBrowse
                            • 140.82.121.3
                            SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousXWormBrowse
                            • 140.82.121.3
                            objects.githubusercontent.comhttps://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                            • 185.199.111.133
                            xmr_linux_amd64.elfGet hashmaliciousXmrigBrowse
                            • 185.199.108.133
                            https://pancake.swap-web3.xyz/Get hashmaliciousUnknownBrowse
                            • 185.199.111.133
                            SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                            • 185.199.109.133
                            SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                            • 185.199.111.133
                            https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkeyconserv.com%2Fskoda%2FWIA2PParYO43z1bgCVStAX12/ZHVjZXIua2FtZ2FuZ0BjbmVzc3QuZ291di5xYy5jYQ==Get hashmaliciousUnknownBrowse
                            • 185.199.109.133
                            https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Ffilmycurry.in%2Fskoda%2FBxs3IiLfKU2eWewQOro8W1Fa/dGVycmkucm9zYUByYXZlaXMuY29tGet hashmaliciousTycoon2FABrowse
                            • 185.199.109.133
                            https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkeyconserv.com%2Fskoda%2Ff1mgxnH4u4JYtjrvS13irZ65/am9zZWUub3VlbGxldEBjbmVzc3QuZ291di5xYy5jYQ==Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                            • 185.199.109.133
                            rufus.ierufus-4.2p.exeGet hashmaliciousMars Stealer, VidarBrowse
                            • 185.199.111.153
                            https://github.com/pbatard/rufus/releases/download/v4.2/rufus-4.2.exeGet hashmaliciousUnknownBrowse
                            • 185.199.108.153
                            rufus-3.21.exeGet hashmaliciousUnknownBrowse
                            • 185.199.108.153
                            JmNRLZENol.exeGet hashmaliciousUnknownBrowse
                            • 185.199.108.153
                            rufus-3.17.exeGet hashmaliciousUnknownBrowse
                            • 185.199.110.153
                            rufus-3.17.exeGet hashmaliciousUnknownBrowse
                            • 185.199.110.153
                            007EE67C4BEC255A19AB2B6FA0F159E9D9636C74DDE34.exeGet hashmaliciousUnknownBrowse
                            • 185.199.111.153
                            5nLytf7KIw.exeGet hashmaliciousCryptOneBrowse
                            • 185.199.108.153
                            0cvg6l32fb.exeGet hashmaliciousCryptOne MofksysBrowse
                            • 185.199.108.153
                            8DiQuiWN9p.exeGet hashmaliciousCryptOneBrowse
                            • 185.199.108.153

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            FASTLYUSMCRT Florida Construction, LLC Project Proposal.emlGet hashmaliciousUnknownBrowse
                            • 151.101.66.137
                            https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                            • 151.101.3.1
                            https://retinacaregroup-my.sharepoint.com/:f:/p/vcarkido/EkgNW8vJXJRPqC9Y8qfgVFMBDJ0EZ1tbaaz6P_gHMntnXA?e=SaQ7fDGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.194.137
                            The Podor Law Firm -23749-24 .pdfGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.65.44
                            https://tocgrp-my.sharepoint.com/:b:/p/sselekman/ESLJ3pMBg9JMukAFYoI0BT8BAOBP2BEpeS0FwJ5k5dpC-A?e=mw3f6sGet hashmaliciousUnknownBrowse
                            • 151.101.129.140
                            http://www.pro-pharma.co.ukGet hashmaliciousUnknownBrowse
                            • 151.101.2.137
                            https://videotelephony.pages.dev/zom-conference-meetting?x1=visadoscostarica@sanitas.es&dhbdkdjhkmfiuhfjGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.2.132
                            https://rc.lpl-cloud.com/login?hash=F@llS%E2%82%AClE%C3%A7Ti0NR%E2%82%ACC0nn3%C3%A7TGet hashmaliciousUnknownBrowse
                            • 151.101.194.137
                            AX3-GUI-45.exeGet hashmaliciousUnknownBrowse
                            • 185.199.109.133
                            phish_alert_sp2_2.0.0.0 - 2024-09-19T093336.425.emlGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.2.137
                            GITHUBUShttps://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                            • 140.82.121.4
                            VegaX.exeGet hashmaliciousUnknownBrowse
                            • 140.82.121.3
                            VegaX.exeGet hashmaliciousUnknownBrowse
                            • 140.82.121.3
                            https://kumarayoningithub.github.io/Netflix_CloneGet hashmaliciousHTMLPhisherBrowse
                            • 140.82.112.22
                            https://piyush-ally9.github.io/Netflix-CloneGet hashmaliciousHTMLPhisherBrowse
                            • 140.82.114.22
                            xmr_linux_amd64.elfGet hashmaliciousXmrigBrowse
                            • 140.82.121.4
                            https://www.getcoloringpages.com/coloring/359Get hashmaliciousUnknownBrowse
                            • 140.82.121.4
                            https://pancake.swap-web3.xyz/Get hashmaliciousUnknownBrowse
                            • 140.82.121.5
                            https://karankv02.github.io/netflix-clone/Get hashmaliciousHTMLPhisherBrowse
                            • 140.82.113.18
                            SecuriteInfo.com.Trojan.Siggen29.39642.1614.1457.exeGet hashmaliciousMicroClip, RedLine, XWormBrowse
                            • 140.82.121.3
                            FASTLYUSMCRT Florida Construction, LLC Project Proposal.emlGet hashmaliciousUnknownBrowse
                            • 151.101.66.137
                            https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                            • 151.101.3.1
                            https://retinacaregroup-my.sharepoint.com/:f:/p/vcarkido/EkgNW8vJXJRPqC9Y8qfgVFMBDJ0EZ1tbaaz6P_gHMntnXA?e=SaQ7fDGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.194.137
                            The Podor Law Firm -23749-24 .pdfGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.65.44
                            https://tocgrp-my.sharepoint.com/:b:/p/sselekman/ESLJ3pMBg9JMukAFYoI0BT8BAOBP2BEpeS0FwJ5k5dpC-A?e=mw3f6sGet hashmaliciousUnknownBrowse
                            • 151.101.129.140
                            http://www.pro-pharma.co.ukGet hashmaliciousUnknownBrowse
                            • 151.101.2.137
                            https://videotelephony.pages.dev/zom-conference-meetting?x1=visadoscostarica@sanitas.es&dhbdkdjhkmfiuhfjGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.2.132
                            https://rc.lpl-cloud.com/login?hash=F@llS%E2%82%AClE%C3%A7Ti0NR%E2%82%ACC0nn3%C3%A7TGet hashmaliciousUnknownBrowse
                            • 151.101.194.137
                            AX3-GUI-45.exeGet hashmaliciousUnknownBrowse
                            • 185.199.109.133
                            phish_alert_sp2_2.0.0.0 - 2024-09-19T093336.425.emlGet hashmaliciousHTMLPhisherBrowse
                            • 151.101.2.137

                            JA3 Fingerprints

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            6271f898ce5be7dd52b0fc260d0662b34GX1F7u4bE.htmGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            https://public-usa.mkt.dynamics.com/api/orgs/3cda89cf-3371-ef11-a66d-6045bd00323d/r/Awe2jkOtpUSaKWM0vylZzAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fwww.andasuitescesme.com%252Fn%252F%253Fc3Y9bzM2NV8xX29uZSZyYW5kPVVtODFXak09JnVpZD1VU0VSMTgwOTIwMjRVMDgwOTE4MDQ%253DN0123N%255BEMAIL%255D%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=b%2B0UzUhCkggiEgVbhpaXFTsQ8kHc9NXq2O5Z617UkNE%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15eeGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            http://www.wbdg.orgGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            phish_alert_sp2_2.0.0.0 - 2024-09-19T093336.425.emlGet hashmaliciousHTMLPhisherBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            https://padlet.com/bethgabel/pdf-online-document-u6jnt0g20a7ursz9Get hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            AT000005112563923.htmlGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            ELECTRONIC RECEIPT_658776783.htmGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            http://ankaraspotesya.comGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            https://lookerstudio.google.com/s/kUeEbpcqsIgGet hashmaliciousHTMLPhisherBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153
                            https://lookerstudio.google.com/s/kUeEbpcqsIgGet hashmaliciousUnknownBrowse
                            • 185.199.108.133
                            • 140.82.121.3
                            • 185.199.109.153

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Fido[1].ver

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):75
                            Entropy (8bit):4.620773904707511
                            Encrypted:false
                            SSDEEP:3:zNeFEdlHgHMkCmI4z5v:U2sssI4z5v
                            MD5:9FDEA5E4418A46626D8BD9DFCCEB99CD
                            SHA1:4A38675E57EC85989696F5B3EE33CB3B5F291D6C
                            SHA-256:F5A9FD4F709876EE4F9F1C976E12FB1C45B68C7CB3F597905DD8FA580FE54767
                            SHA-512:1489BAF630B5C60EE795CE7DF2A00ADB41A8CC7E40E385F9000B3183265A9058411EE7D75210C42A7B5862BC5503B9CA2B7EA40484CAF579D8D9E1EADD7DBE79
                            Malicious:false
                            Reputation:low
                            Preview:z1 = https://github.com/pbatard/Fido/releases/download/v1.58/Fido.ps1.lzma.

                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Rufus_win.ver[1].sig

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:OpenPGP Secret Key
                            Category:dropped
                            Size (bytes):256
                            Entropy (8bit):7.207293152316841
                            Encrypted:false
                            SSDEEP:6:I3ZAgp/lYuF8y81zASbTUbuQEo2gE2e4+Gcu6A8HXM+:I3ZAuhKp1jbfCfe4gu6hn
                            MD5:2C85BF12103135E5B608A713AA2C588D
                            SHA1:23825A8B2EB8CF74CB2E40A2E859AC7629C5E898
                            SHA-256:12C0A821F3341D537672D5B8B3C144D5ADDC49597F5655A1447C9955FDF46F77
                            SHA-512:4578E734B9BBF5F0B8491A39761FD37D0D96B602A32964F1826E5545D86EC98246AD7C2AFBF96E13CD570C74F7670FE07ADC275534D7E78D348DE43BB5F8EDB6
                            Malicious:false
                            Reputation:low
                            Preview:..].P......\...Y...C...O.!.'w..I...U.C..(......^.|w%....A. ..4<jW.&......<;..h.#J..*.$.".'......_.C(O.O..)..q6.N....9.....Vp.L.'{.5!....M|..#.5B..o.@..*@8.._E$.i..x.J............j...W...3..9X6b.@M..\.`?tP..}E...m:.`V...!.l.D...9........._.>...8..

                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Rufus_win[1].ver

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1789
                            Entropy (8bit):5.226518365619964
                            Encrypted:false
                            SSDEEP:48:q5MUCBnhIv0HMC+vDSuUf8HedoBuAUKBno:q5M1na/E8dUUno
                            MD5:B071392D8264070FF6E4CA0FA0FD06A6
                            SHA1:BCEB73EBF3CFFAF40441E9551C6D8A95DF9A0A83
                            SHA-256:7C1D2CFAF6CF893C186ABF59B21B63FD38C818267F179F36E90171F80C91641E
                            SHA-512:DD432E15D207816847F12A9C51315E1B6C02D3B77FB990873DF7435D7CC9C1D6AC04410B1754314B067EEF2AE3DA57272BDC08EF20964E440A1AEA25637117FC
                            Malicious:false
                            Reputation:low
                            Preview:version = 4.5.2180.platform_min = 6.2.download_url = https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exe.download_url_x86 = https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exe.download_url_arm = https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm.exe.download_url_arm64 = https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_arm64.exe.release_notes = {\rtf1\fbidis\ansi\ansicpg1252\deff0\deflang1024{\fonttbl{\f0\fnil\fcharset0 Courier New;}{\f1\fnil\fcharset0 Arial Unicode MS;}{\f2\fnil\fcharset2 Symbol;}}..\pard\ltrpar\sl276\slmult1\par\b\f0\fs22\lang9\tab Rufus 4.5 (2024.05.22)\b0\par\par..\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent0{\pntxtb\'B7}}\ltrpar\fi-360\li720\sl276\slmult1\fs16 Add new advanced option to perform runtime UEFI media validation of suitable images (Windows, most Linux)\par.{\pntext\f2\'B7\tab}Move the 'Use Rufus MBR' advanced option to a cheat mode (Alt-A)\par.{\pntext\f2\'B7\tab}Fix t

                            C:\Users\user\AppData\Local\Temp\Ruf6434.tmp

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:Unicode text, UTF-8 text, with very long lines (553), with CRLF line terminators
                            Category:dropped
                            Size (bytes):1156641
                            Entropy (8bit):6.378401062231127
                            Encrypted:false
                            SSDEEP:12288:Ks+3PHrtqzrk6JfFTNIun1/VvkWjr4h57weCoYSt7YYrPNUEdaHoFkiK73bYWRx9:KsHk6JrTPkQRejYSt7YY7NU2ZI8U
                            MD5:711B1476D716A52EEB5EE7565F612D0E
                            SHA1:E728FCF7AE2F0CBCF311F5D09F85F025EC91C2DD
                            SHA-256:B5C7B62A8281A940A479D8E6496710A7B96F45B406D10FB2E09C910FCE50949D
                            SHA-512:BBB632BCEB2198E8BAC202080A0EBF1A0DDD84A8DBA00406ACB54E7BCEA913A654A73BA2A9B4D415DE9FF32B58CF2BD94BDAB98719CD33273057C8074E4C81F0
                            Malicious:false
                            Preview:l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 4.5..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..t MSG_017 "Custom"..t MSG_018 "Your version

                            C:\Users\user\Desktop\rufus.ini

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):99
                            Entropy (8bit):4.826291029533976
                            Encrypted:false
                            SSDEEP:3:5HQAFoQ1Qajr0jXDJiFddV2rjqYZcRWvv:5Bnao0jlmdX2rjqBA
                            MD5:B44477EEB208B922D74A9D32A30D5C5B
                            SHA1:CCE4112B6B9EBC40035B9986C6DF9C208169741F
                            SHA-256:05CB1BB2FAB46CE9875ACD77D659CEA94772423E488A7CADCD5F3CE6F4E079D7
                            SHA-512:FD5CA03476EA75A75759DDC2441C30C3B9CA4B7F862AFC12D568CAE9ADB9A62DC8754B671719F2E3532E211A776B06FC520B46B21D0697CFAC9D0A0457B9F983
                            Malicious:false
                            Preview:Locale = en-US..CommCheck64 = 5465843..UpdateCheckInterval = 86400..LastUpdateCheck = 13371248433..

                            C:\Users\user\Desktop\rufus.ini~

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):99
                            Entropy (8bit):4.826291029533976
                            Encrypted:false
                            SSDEEP:3:5HQAFoQ1Qajr0jXDJiFddV2rjqYZcRWvv:5Bnao0jlmdX2rjqBA
                            MD5:B44477EEB208B922D74A9D32A30D5C5B
                            SHA1:CCE4112B6B9EBC40035B9986C6DF9C208169741F
                            SHA-256:05CB1BB2FAB46CE9875ACD77D659CEA94772423E488A7CADCD5F3CE6F4E079D7
                            SHA-512:FD5CA03476EA75A75759DDC2441C30C3B9CA4B7F862AFC12D568CAE9ADB9A62DC8754B671719F2E3532E211A776B06FC520B46B21D0697CFAC9D0A0457B9F983
                            Malicious:false
                            Preview:Locale = en-US..CommCheck64 = 5465843..UpdateCheckInterval = 86400..LastUpdateCheck = 13371248433..

                            C:\Windows\System32\GroupPolicy\Machine\Registry.pol

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:RAGE Package Format (RPF),
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):3.2791226694111044
                            Encrypted:false
                            SSDEEP:3:CFlE3A5loWcNylRjlyWdl+Sli5lm+1XMRpvLZOal7EQlXYlWj0zG+EX8e7lll6zf:CFlEEoWcHWn+SkirHNblPl4Wj0S+fehW
                            MD5:3679852D86D944EB0A0C1A29DC85E623
                            SHA1:C8D898775714206A49355D1D7538E42F7235E2D9
                            SHA-256:0372CB9877228AC59386A962D2E49B51F671E546A7BA112D43D6B2B15165AA7F
                            SHA-512:6DA335F7F330DD75FED52BAB9A67442BF37AF876026B4C218F00F0264F068CBC865144546F3CFDFCE675DFDB3F2DABEBF55F6468A958AAF12E0396F22004EBD2
                            Malicious:false
                            Preview:PReg....[.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.P.o.l.i.c.i.e.s.\.E.x.p.l.o.r.e.r...;.N.o.D.r.i.v.e.T.y.p.e.A.u.t.o.r.u.n...;.....;.....;.....].

                            C:\Windows\System32\GroupPolicy\gpt.ini

                            Download File
                            Process:C:\Users\user\Desktop\rufus-4.5p.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):127
                            Entropy (8bit):5.090003435843543
                            Encrypted:false
                            SSDEEP:3:1ELGUAgKLMzY+eWgTckbnnkBfERvI3eovzFLsUov:1WsMzYHxbnKv3eoIv
                            MD5:F9A49A3E2415016FA85DDFF0B8B38419
                            SHA1:F8C987119269E58D22A6B17AE2E8ECA7744FB385
                            SHA-256:14694DBEE3897B6BD5AA596EBFD893E727179B67811920C174DC70E6EEE8E579
                            SHA-512:91EA129A51D2C3B342287C1250F5B0DA6BA2A61EFF11791D1CFAE1F5C6DD2654C935BE1452F4A681E794FD723A3C295E9BC9E59B9005AA4D8BD55ED36C9AD91C
                            Malicious:true
                            Preview:[General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{3D271CFC-2BC6-4AC2-B633-3BDFF5BDAB2A}]..Version=1..

                            Static File Info

                            General

                            File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                            Entropy (8bit):7.9740529188795115
                            TrID:
                            • UPX compressed Win32 Executable (30571/9) 65.62%
                            • Win64 Executable (generic) (12005/4) 25.77%
                            • Generic Win/DOS Executable (2004/3) 4.30%
                            • DOS Executable Generic (2002/1) 4.30%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.02%
                            File name:rufus-4.5p.exe
                            File size:1'513'032 bytes
                            MD5:129e5bbf63d8299d027186eafe92754a
                            SHA1:c50bd94af6af186edc536ec6ff83bdd233586618
                            SHA256:c6e6cdba209f899e5087f1a1a4babc759414b4a687b60ba4bce62b6b37e8e82b
                            SHA512:a87a4b44ec3ce37a0da546a805f688bd3a68b52d662a294b8193717f383938f99fa68e50dddf9f012aad7b51e98fd017f6b757ca15332d79a2bb6b882c379a05
                            SSDEEP:24576:K9+dyknYGIOeicfIgMFbnMt0t6Hmx5N2MJJMex8R00nea7jNqeveiWRKreZMIlEE:K9+dpYGD6HeMet6HmjZMD6KeChVW5ZDB
                            TLSH:486533623E61C984D07B527646C99F583DD0B40BAF10793A649AFD2F2F7A3E9AD034C4
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....Mf...............*.P........*..+A...*....@..............................A...........`... ............................

                            File Icon

                            Icon Hash:3afd6633914d2601

                            Static PE Info

                            General

                            Entrypoint:0x140412bc0
                            Entrypoint Section:UPX1
                            Digitally signed:true
                            Imagebase:0x140000000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                            Time Stamp:0x664DD1B3 [Wed May 22 11:06:27 2024 UTC]
                            TLS Callbacks:0x404137ae, 0x1
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:daa01a2e7e70ef8b3ed0f442eacb2f8a

                            Authenticode Signature

                            Signature Valid:true
                            Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                            Signature Validation Error:The operation completed successfully
                            Error Number:0
                            Not Before, Not After
                            • 29/09/2021 01:00:00 29/09/2024 00:59:59
                            Subject Chain
                            • CN=Akeo Consulting, O=Akeo Consulting, S=Donegal, C=IE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IE, SERIALNUMBER=407950
                            Version:3
                            Thumbprint MD5:5C82B2D08EFE6EE0794B52D4309C5F37
                            Thumbprint SHA-1:3DBC3A2A0E9CE8803B422CFDBC60ACD33164965D
                            Thumbprint SHA-256:60E992275CC7503A3EBA5D391DB8AEAAAB001402D49AEA3F7F5DA3706DF97327
                            Serial:00BFB15001BBF592D4962A7797EA736FA3
                            Instruction
                            push ebx
                            push esi
                            push edi
                            push ebp
                            dec eax
                            lea esi, dword ptr [FFE9C45Ah]
                            dec eax
                            lea edi, dword ptr [esi-002AE025h]
                            push edi
                            mov eax, 00410835h
                            push eax
                            dec eax
                            mov ecx, esp
                            dec eax
                            mov edx, edi
                            dec eax
                            mov edi, esi
                            mov esi, 00163B91h
                            push ebp
                            dec eax
                            mov ebp, esp
                            inc esp
                            mov ecx, dword ptr [ecx]
                            dec ecx
                            mov eax, edx
                            dec eax
                            mov edx, esi
                            dec eax
                            lea esi, dword ptr [edi+02h]
                            push esi
                            mov al, byte ptr [edi]
                            dec edx
                            mov cl, al
                            and al, 07h
                            shr cl, 00000003h
                            dec eax
                            mov ebx, FFFFFD00h
                            dec eax
                            shl ebx, cl
                            mov cl, al
                            dec eax
                            lea ebx, dword ptr [esp+ebx*2-00000E78h]
                            dec eax
                            and ebx, FFFFFFC0h
                            push 00000000h
                            dec eax
                            cmp esp, ebx
                            jne 00007FCFBD85B30Bh
                            push ebx
                            dec eax
                            lea edi, dword ptr [ebx+08h]
                            mov cl, byte ptr [esi-01h]
                            dec edx
                            mov byte ptr [edi+02h], al
                            mov al, cl
                            shr cl, 00000004h
                            mov byte ptr [edi+01h], cl
                            and al, 0Fh
                            mov byte ptr [edi], al
                            dec eax
                            lea ecx, dword ptr [edi-04h]
                            push eax
                            inc ecx
                            push edi
                            dec eax
                            lea eax, dword ptr [edi+04h]
                            inc ebp
                            xor edi, edi
                            inc ecx
                            push esi
                            inc ecx
                            mov esi, 00000001h
                            inc ecx
                            push ebp
                            inc ebp
                            xor ebp, ebp
                            inc ecx
                            push esp
                            push ebp
                            push ebx
                            dec eax
                            sub esp, 48h
                            dec eax
                            mov dword ptr [esp+38h], ecx
                            dec eax
                            mov dword ptr [esp+20h], eax
                            mov eax, 00000001h
                            dec eax
                            mov dword ptr [esp+40h], esi
                            dec esp
                            mov dword ptr [esp+30h], eax
                            mov ebx, eax
                            inc esp
                            mov dword ptr [esp+2Ch], ecx
                            movzx ecx, byte ptr [edi+02h]
                            shl ebx, cl
                            mov ecx, ebx
                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x41e2800x2f0.rsrc
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x4140000xa280.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0xc50000x4ae8UPX0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x16f2000x2448UPX0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x41e5700x14.rsrc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x4137d80x28UPX1
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            UPX00x10000x2ae0000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            UPX10x2af0000x1650000x164a0036eb7de651b1ee13e1b43bd25e4d985fFalse0.9991962955660708data7.9998330445329255IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .rsrc0x4140000xb0000xa6000433748c51d4372b575f0fd057dc0508False0.2955101656626506data3.957270385090728IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_ICON0x414f740x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.24385923476617855
                            RT_ICON0x4191a00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.30145228215767633
                            RT_ICON0x41b74c0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.3468574108818011
                            RT_ICON0x41c7f80x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.42131147540983604
                            RT_ICON0x41d1840x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.5150709219858156
                            RT_DIALOG0x12b5d80x952empty0
                            RT_DIALOG0x12bf300x13cempty0
                            RT_DIALOG0x12c0700x1d6empty0
                            RT_DIALOG0x12c2480x514empty0
                            RT_DIALOG0x12c7600xacempty0
                            RT_DIALOG0x12c8100xeaempty0
                            RT_DIALOG0x12c9000x252empty0
                            RT_DIALOG0x12cb580x330empty0
                            RT_DIALOG0x12ce880x1b0empty0
                            RT_DIALOG0x12d0380x3e2empty0
                            RT_RCDATA0x12d4200x26aempty0
                            RT_RCDATA0x12d6900x1a5empty0
                            RT_RCDATA0x12d8380xcfempty0
                            RT_RCDATA0x12d9080x15fempty0
                            RT_RCDATA0x12da680xbfempty0
                            RT_RCDATA0x12db280x1f6empty0
                            RT_RCDATA0x12dd200x33bempty0
                            RT_RCDATA0x12e0600x1f0empty0
                            RT_RCDATA0x12e2500x181empty0
                            RT_RCDATA0x12e3d80x205empty0
                            RT_RCDATA0x12e5e00x154empty0
                            RT_RCDATA0x12e7380x279empty0
                            RT_RCDATA0x12e9b80x430empty0
                            RT_RCDATA0x12ede80x2dcempty0
                            RT_RCDATA0x12f0c80x120empty0
                            RT_RCDATA0x12f1e80x16dempty0
                            RT_RCDATA0x12f3580x10dempty0
                            RT_RCDATA0x12f4680x366empty0
                            RT_RCDATA0x12f7d00x14de8empty0
                            RT_RCDATA0x1445b80xb4b0empty0
                            RT_RCDATA0x14fa680xe49empty0
                            RT_RCDATA0x1508b80x2cb6empty0
                            RT_RCDATA0x1535700x3f74empty0
                            RT_RCDATA0x1574e80x9da8empty0
                            RT_RCDATA0x1612900x7436empty0
                            RT_RCDATA0x1686c80x7db2empty0
                            RT_RCDATA0x1704800x3331empty0
                            RT_RCDATA0x1737b80x1940empty0
                            RT_RCDATA0x1750f80x1b93empty0
                            RT_RCDATA0x176c900x155dempty0
                            RT_RCDATA0x1781f00x114fempty0
                            RT_RCDATA0x1793400x1c31empty0
                            RT_RCDATA0x17af780x1cf1empty0
                            RT_RCDATA0x17cc700x150bempty0
                            RT_RCDATA0x17e1800x1b3dempty0
                            RT_RCDATA0x17fcc00x1699empty0
                            RT_RCDATA0x1813600x15a7empty0
                            RT_RCDATA0x1829080x1c3cempty0
                            RT_RCDATA0x1845480x1fb7empty0
                            RT_RCDATA0x1865000x1889empty0
                            RT_RCDATA0x187d900x1e4eempty0
                            RT_RCDATA0x189be00x193aempty0
                            RT_RCDATA0x18b5200x1e71empty0
                            RT_RCDATA0x18d3980x22e1empty0
                            RT_RCDATA0x18f6800x1426empty0
                            RT_RCDATA0x190aa80x200empty0
                            RT_RCDATA0x190ca80x8e88empty0
                            RT_RCDATA0x199b300x200empty0
                            RT_RCDATA0x199d300x10a19empty0
                            RT_RCDATA0x1aa7500x855cempty0
                            RT_RCDATA0x1b2cb00x2000empty0
                            RT_RCDATA0x1b4cb00x9c88empty0
                            RT_RCDATA0x1be9380x4f1empty0
                            RT_RCDATA0x1bee300x11a621empty0
                            RT_RCDATA0x2d94580x800data1.00537109375
                            RT_RCDATA0x2d9c580x100000DOS executable (COM)1.0003108978271484
                            RT_RCDATA0x3d9c580xa100data1.0005095108695652
                            RT_RCDATA0x3e3d580x9f50data1.000514907806983
                            RT_RCDATA0x3edca80x6a40OpenPGP Public Key1.0005882352941176
                            RT_RCDATA0x3f46e80xd5f8data1.000474660435227
                            RT_RCDATA0x401ce00x9240data1.0005608974358975
                            RT_GROUP_ICON0x41d5f00x4cdata0.8026315789473685
                            RT_VERSION0x41d6400x37cdata0.48878923766816146
                            RT_MANIFEST0x41d9c00x8beXML 1.0 document, ASCII text, with CRLF line terminators0.40125111706881145
                            DLLImport
                            ADVAPI32.dllFreeSid
                            COMCTL32.dllImageList_Create
                            CRYPT32.dllCryptMsgClose
                            GDI32.dllLineTo
                            KERNEL32.DLLLoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
                            msvcrt.dllatoi
                            ole32.dllCoCreateGuid
                            SETUPAPI.dllCM_Get_Child
                            SHELL32.dllShellExecuteA
                            SHLWAPI.dllStrStrIA
                            USER32.dllGetDC

                            Network Behavior

                            Download Network PCAP: filteredfull

                            Network Port Distribution

                            • Total Packets: 110
                            • 443 (HTTPS)
                            • 53 (DNS)
                            TimestampSource PortDest PortSource IPDest IP
                            Sep 19, 2024 21:40:15.583173990 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:15.583225965 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:15.583302975 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:15.624720097 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:15.624753952 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.142241955 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.142358065 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.179455996 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.179491043 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.179852009 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.179939985 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.181262970 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.223409891 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.298151970 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.298243046 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.298259020 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.298322916 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.300990105 CEST49734443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:16.301032066 CEST44349734185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:16.317382097 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:16.317418098 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:16.317503929 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:16.317780972 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:16.317799091 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:16.952749968 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:16.952862024 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:16.961457968 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:16.961487055 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:16.961730957 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:16.961796045 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:16.962353945 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:17.007406950 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:17.216586113 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:17.216777086 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:17.216811895 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:17.216999054 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:17.217056990 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:17.219979048 CEST49735443192.168.2.4140.82.121.3
                            Sep 19, 2024 21:40:17.220031023 CEST44349735140.82.121.3192.168.2.4
                            Sep 19, 2024 21:40:17.230606079 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.230707884 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.230832100 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.231149912 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.231182098 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.703593016 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.703744888 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.782263041 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.782299995 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.782664061 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.782723904 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.783178091 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.827413082 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920698881 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920766115 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920789003 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920813084 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.920841932 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920857906 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.920886993 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.920892000 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920931101 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.920943022 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.920993090 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.921040058 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.921092987 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.921125889 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.921178102 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.921217918 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.921267033 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.921302080 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.921371937 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.921390057 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.921444893 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.926120043 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.926233053 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.927898884 CEST44349736185.199.108.133192.168.2.4
                            Sep 19, 2024 21:40:17.927964926 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.928920984 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:17.928955078 CEST49736443192.168.2.4185.199.108.133
                            Sep 19, 2024 21:40:31.316077948 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.316121101 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.316250086 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.316570997 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.316587925 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.791219950 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.793176889 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.794089079 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.794101000 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.794332027 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.794337034 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904263973 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904434919 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904517889 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904527903 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904557943 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904584885 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904603958 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904644966 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904699087 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904722929 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904772997 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904804945 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904850960 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904876947 CEST44349743185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.904925108 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.904983997 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.905026913 CEST49743443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.905870914 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.905901909 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:31.905987978 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.906275034 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:31.906294107 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.398544073 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.398649931 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.400873899 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.400903940 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.401155949 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.401529074 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.401812077 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.443396091 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518130064 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518188953 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518222094 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518258095 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518260002 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.518280983 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518331051 CEST44349744185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.518410921 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.518410921 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.518410921 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.518410921 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.518755913 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.518793106 CEST49744443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.519416094 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.519464016 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:32.521513939 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.521706104 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:32.521718025 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.016427994 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.016521931 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.025346994 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.025358915 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.025615931 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.025682926 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.026094913 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.067394972 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146823883 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146866083 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146888018 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.146898031 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146908045 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146918058 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.146949053 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146956921 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.146966934 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.146991014 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.147011995 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.147043943 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.147048950 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.147088051 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.147607088 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.147635937 CEST44349745185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.147640944 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.147703886 CEST49745443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.148472071 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.148495913 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.148569107 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.148812056 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.148821115 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.613301992 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.613419056 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.834326029 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.834350109 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.834645033 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.834698915 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.835510969 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.879396915 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.946613073 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.946804047 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.946851015 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.946885109 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.946913004 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.946933031 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:33.946943045 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:33.947000980 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.026209116 CEST49746443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.026252031 CEST44349746185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.034401894 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.034470081 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.034558058 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.035172939 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.035192013 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.488785982 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.489023924 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.489496946 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.489526033 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.489715099 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.489727974 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.600950003 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.601185083 CEST44349747185.199.109.153192.168.2.4
                            Sep 19, 2024 21:40:34.601252079 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.601252079 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.602021933 CEST49747443192.168.2.4185.199.109.153
                            Sep 19, 2024 21:40:34.602061033 CEST44349747185.199.109.153192.168.2.4
                            TimestampSource PortDest PortSource IPDest IP
                            Sep 19, 2024 21:40:15.557502031 CEST6162453192.168.2.41.1.1.1
                            Sep 19, 2024 21:40:15.572628021 CEST53616241.1.1.1192.168.2.4
                            Sep 19, 2024 21:40:16.309087038 CEST6303053192.168.2.41.1.1.1
                            Sep 19, 2024 21:40:16.316718102 CEST53630301.1.1.1192.168.2.4
                            Sep 19, 2024 21:40:17.221163988 CEST6264653192.168.2.41.1.1.1
                            Sep 19, 2024 21:40:17.228712082 CEST53626461.1.1.1192.168.2.4
                            Sep 19, 2024 21:40:52.800947905 CEST5355516162.159.36.2192.168.2.4
                            Sep 19, 2024 21:40:53.294841051 CEST53607901.1.1.1192.168.2.4

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Sep 19, 2024 21:40:15.557502031 CEST192.168.2.41.1.1.10x6ee0Standard query (0)rufus.ieA (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:16.309087038 CEST192.168.2.41.1.1.10xe5b6Standard query (0)github.comA (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:17.221163988 CEST192.168.2.41.1.1.10xe3f4Standard query (0)objects.githubusercontent.comA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Sep 19, 2024 21:40:15.572628021 CEST1.1.1.1192.168.2.40x6ee0No error (0)rufus.ie185.199.109.153A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:15.572628021 CEST1.1.1.1192.168.2.40x6ee0No error (0)rufus.ie185.199.111.153A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:15.572628021 CEST1.1.1.1192.168.2.40x6ee0No error (0)rufus.ie185.199.108.153A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:15.572628021 CEST1.1.1.1192.168.2.40x6ee0No error (0)rufus.ie185.199.110.153A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:16.316718102 CEST1.1.1.1192.168.2.40xe5b6No error (0)github.com140.82.121.3A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:17.228712082 CEST1.1.1.1192.168.2.40xe3f4No error (0)objects.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:17.228712082 CEST1.1.1.1192.168.2.40xe3f4No error (0)objects.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:17.228712082 CEST1.1.1.1192.168.2.40xe3f4No error (0)objects.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                            Sep 19, 2024 21:40:17.228712082 CEST1.1.1.1192.168.2.40xe3f4No error (0)objects.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • rufus.ie
                            • github.com
                            • objects.githubusercontent.com

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.449734185.199.109.1534436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:16 UTC130OUTGET /Fido.ver HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/0.0.0 (Windows NT 10.0)
                            Host: rufus.ie
                            2024-09-19 19:40:16 UTC663INHTTP/1.1 200 OK
                            Connection: close
                            Content-Length: 75
                            Server: GitHub.com
                            Content-Type: application/octet-stream
                            x-origin-cache: HIT
                            Last-Modified: Wed, 21 Aug 2024 10:44:57 GMT
                            Access-Control-Allow-Origin: *
                            ETag: "66c5c529-4b"
                            expires: Thu, 19 Sep 2024 15:58:39 GMT
                            Cache-Control: max-age=600
                            x-proxy-cache: MISS
                            X-GitHub-Request-Id: 8216:16D2:10F85AB:12A7748:66EC47D7
                            Accept-Ranges: bytes
                            Age: 0
                            Date: Thu, 19 Sep 2024 19:40:16 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-ewr-kewr1740025-EWR
                            X-Cache: HIT
                            X-Cache-Hits: 0
                            X-Timer: S1726774816.239728,VS0,VE9
                            Vary: Accept-Encoding
                            X-Fastly-Request-ID: 48605efba12a648a3460e55e53df53d2f0521219
                            2024-09-19 19:40:16 UTC75INData Raw: 7a 31 20 3d 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 70 62 61 74 61 72 64 2f 46 69 64 6f 2f 72 65 6c 65 61 73 65 73 2f 64 6f 77 6e 6c 6f 61 64 2f 76 31 2e 35 38 2f 46 69 64 6f 2e 70 73 31 2e 6c 7a 6d 61 0a
                            Data Ascii: z1 = https://github.com/pbatard/Fido/releases/download/v1.58/Fido.ps1.lzma


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.449735140.82.121.34436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:16 UTC177OUTGET /pbatard/Fido/releases/download/v1.58/Fido.ps1.lzma HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: github.com
                            2024-09-19 19:40:17 UTC960INHTTP/1.1 302 Found
                            Server: GitHub.com
                            Date: Thu, 19 Sep 2024 19:39:09 GMT
                            Content-Type: text/html; charset=utf-8
                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                            Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/165325376/d3a1af7d-a08b-48d6-b9f2-2e91db7c6081?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240919%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240919T193909Z&X-Amz-Expires=300&X-Amz-Signature=62eb0856a00e5224e8a6c7249cda7af418181a0f86068dce0af18b66de0a34b5&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DFido.ps1.lzma&response-content-type=application%2Foctet-stream
                            Cache-Control: no-cache
                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                            X-Frame-Options: deny
                            X-Content-Type-Options: nosniff
                            X-XSS-Protection: 0
                            Referrer-Policy: no-referrer-when-downgrade
                            2024-09-19 19:40:17 UTC3476INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                            Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.449736185.199.108.1334436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:17 UTC642OUTGET /github-production-release-asset-2e65be/165325376/d3a1af7d-a08b-48d6-b9f2-2e91db7c6081?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240919%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240919T193909Z&X-Amz-Expires=300&X-Amz-Signature=62eb0856a00e5224e8a6c7249cda7af418181a0f86068dce0af18b66de0a34b5&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DFido.ps1.lzma&response-content-type=application%2Foctet-stream HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: objects.githubusercontent.com
                            Connection: Keep-Alive
                            2024-09-19 19:40:17 UTC799INHTTP/1.1 200 OK
                            Connection: close
                            Content-Length: 18146
                            Content-Type: application/octet-stream
                            Last-Modified: Mon, 08 Jul 2024 11:36:20 GMT
                            ETag: "0x8DC9F423075D0B1"
                            Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                            x-ms-request-id: 74f15a3f-a01e-001c-0fb1-ddb335000000
                            x-ms-version: 2020-10-02
                            x-ms-creation-time: Mon, 08 Jul 2024 11:36:20 GMT
                            x-ms-lease-status: unlocked
                            x-ms-lease-state: available
                            x-ms-blob-type: BlockBlob
                            Content-Disposition: attachment; filename=Fido.ps1.lzma
                            x-ms-server-encrypted: true
                            Via: 1.1 varnish, 1.1 varnish
                            Fastly-Restarts: 1
                            Accept-Ranges: bytes
                            Age: 3508
                            Date: Thu, 19 Sep 2024 19:40:17 GMT
                            X-Served-By: cache-iad-kiad7000105-IAD, cache-ewr-kewr1740035-EWR
                            X-Cache: HIT, HIT
                            X-Cache-Hits: 52489, 0
                            X-Timer: S1726774818.833937,VS0,VE1
                            2024-09-19 19:40:17 UTC1378INData Raw: 5d 00 00 80 00 fb c6 00 00 00 00 00 00 00 77 ae d3 e2 1e e8 0e 38 6f 8a a2 08 28 f5 b0 aa 1e c8 2f be e8 f1 7c 6f 54 5f 05 da dd 84 4e 49 d0 0b bb 46 4b 68 14 0d e0 50 3c 2c 16 35 31 3c c6 07 7c 30 8b 28 39 d2 be 24 71 b9 e1 ee 4a 8c 71 fa a6 94 cd c1 fa 99 d7 48 c4 15 06 c0 de 18 e0 e2 78 c8 17 cf 90 3b 7e b6 54 bb 8d 78 e5 b7 c5 09 eb 57 a5 64 9d 1b b8 4b 0d a0 51 7c 40 c9 a3 ef 7d f5 ca ce 14 8a 46 fa e4 9f af 9e f7 33 35 72 a7 30 cc 60 a2 28 67 1f a7 26 41 35 c0 e3 44 f3 2d 93 b5 b1 37 ba 0b c0 84 ad 37 b5 6c c0 89 c5 2f f5 34 86 ef 0a 40 5e 42 f1 ae 1f b0 95 a0 e3 27 7a 61 46 d8 36 6b 71 d2 55 c8 57 39 c4 1d 28 c2 64 90 2a 0d 60 a2 d7 54 24 44 9a f3 7b 19 ce f3 45 46 51 03 87 76 1b cd 0c fd 58 f8 34 9c c1 d5 68 6a 5b e9 9d 49 ec e5 61 72 52 b5 d5 2e
                            Data Ascii: ]w8o(/|oT_NIFKhP<,51<|0(9$qJqHx;~TxWdKQ|@}F35r0`(g&A5D-77l/4@^B'zaF6kqUW9(d*`T$D{EFQvX4hj[IarR.
                            2024-09-19 19:40:17 UTC1378INData Raw: 9b 3b 1f 7a 40 17 25 20 14 da 1f 46 85 b8 5f d2 a4 98 94 e1 20 2a 30 64 60 6c ba 01 c2 93 c1 a5 9c 62 88 aa dc 93 32 b4 4d 36 dc a7 60 0d e9 b6 9a ab ac d1 00 9f 13 d3 cf 2a a6 fb a8 9f c1 17 85 4d 18 10 fb 6e b8 b5 87 be 34 0d 7c 5b a3 a2 86 eb eb 7c 22 9d 3a 85 99 30 c1 a4 92 ca af da a2 b8 cc 12 a8 d4 18 94 3c 69 3a 40 19 2a 52 fd 47 d6 7b b0 31 06 6d 47 c9 0b 27 01 b1 f2 10 e9 3f 17 e7 68 04 08 51 f8 c3 d8 15 2c fa 70 22 73 ed a9 ca bd ee 81 80 75 e8 dd bc c8 69 97 df 62 ee 6d 49 6a d4 44 fc 95 03 a0 22 7e bf a4 c3 25 47 27 5c 3d 66 3a 13 8c a4 aa cd 92 2f 65 e9 f0 ae 15 0e 65 ec cb 1d 7b 9a b4 b4 e5 89 27 0f bb 0c 90 8a bc c4 08 7c 0a 6e cf 75 c1 ac c5 e9 34 78 b6 61 6a e0 c3 a8 98 1e bd 8e 31 cf e9 57 1e e3 56 46 87 38 74 a4 05 63 5b 83 1e 89 64 3e
                            Data Ascii: ;z@% F_ *0d`lb2M6`*Mn4|[|":0<i:@*RG{1mG'?hQ,p"suibmIjD"~%G'\=f:/ee{'|nu4xaj1WVF8tc[d>
                            2024-09-19 19:40:17 UTC1378INData Raw: 58 f7 75 95 58 70 39 b7 c1 0e df 98 28 b5 b9 80 27 b8 01 3d 0a d6 0d 78 6d 64 34 5d 9e 7b e6 09 50 b9 9b 78 9c 5e 58 20 0f c0 bb a7 29 8e 88 10 54 45 63 c6 27 11 c1 2c 19 e4 4b 8d e9 8b 32 4d 46 b0 98 b6 b9 03 62 d5 c4 a9 d5 82 b7 39 5f f3 95 df c5 6c 65 b1 0c eb d1 cd 47 b7 e6 18 60 04 76 fa df b0 92 16 6c 26 26 1a dc a2 5b 59 be f6 d5 d3 fa 63 41 47 33 b0 ea b7 3f 0a 77 db e2 a7 89 5f 30 c7 92 76 6b 91 26 75 f4 39 6b 38 9e 00 85 a0 c3 9f 3c 8d b7 c2 ca 18 be de 94 a2 e5 35 08 e7 70 6c ca 14 25 5f a0 ff 59 52 76 75 18 2d ee 15 60 c3 3d f6 d9 8f ae c6 9c 14 91 e7 80 be 12 9a 29 16 11 71 68 6c 78 5d 1f 02 ad 3a e0 fb 2e 57 b5 3d 26 46 b2 4d 52 fd a6 ef eb 32 8f 4c 34 f1 92 db 8a cb 07 80 65 28 fb 85 b9 91 b6 a7 43 65 3b e7 48 af 3b 4b aa fc 7d 67 3b 2c f1
                            Data Ascii: XuXp9('=xmd4]{Px^X )TEc',K2MFb9_leG`vl&&[YcAG3?w_0vk&u9k8<5pl%_YRvu-`=)qhlx]:.W=&FMR2L4e(Ce;H;K}g;,
                            2024-09-19 19:40:17 UTC1378INData Raw: 21 cc 6b 5b 02 7a 74 61 b8 98 e6 1e 81 76 52 92 cb b8 9d 84 bd 3a 0c 0d ce 6d 44 fa 34 f3 c5 f0 6d 9e 40 93 4f fd 16 5b 59 9c be 87 96 70 4a 0b a1 52 c3 ae 2e c3 b6 de de 4b 39 67 ed 89 f6 e3 fc c1 1b a3 98 fe e6 f0 19 7d a1 a9 b4 d7 2f 94 f8 8a a9 d2 52 e6 b6 74 12 1d 17 bc c6 a3 37 4f a8 d0 1f 3e 87 e3 e7 b2 9d 96 ad 34 f0 e4 af 3a b2 08 71 5e 0e 36 8d dd 42 02 5a c5 ce 5f cc 56 fc 87 e9 75 07 31 7f 08 15 15 71 d6 41 7f 0e 5f d1 a6 29 a2 60 54 46 2b 5b 45 f0 62 76 3f 4b 85 19 52 9e 73 e9 d0 e1 7d ca 39 d7 96 20 c7 ce df 0e 3d 05 2f 19 9c 5c 58 6c f6 28 ce 93 49 43 a8 20 ab aa 9d e6 b7 d9 f9 b4 ed 15 5b 65 f3 ec 97 5e d0 47 24 9b e6 9a 04 09 b7 3b b5 8a 71 cd 99 bf 57 e2 cc e3 56 f2 09 51 3f f8 a6 7d 44 b5 92 93 62 83 1c 0e 26 09 e0 09 e5 b6 e5 ca 44 ca
                            Data Ascii: !k[ztavR:mD4m@O[YpJR.K9g}/Rt7O>4:q^6BZ_Vu1qA_)`TF+[Ebv?KRs}9 =/\Xl(IC [e^G$;qWVQ?}Db&D
                            2024-09-19 19:40:17 UTC1378INData Raw: 28 c0 2d d3 00 b7 51 56 98 bf bf b1 56 57 0b 20 45 44 70 9e e5 f6 45 2b ad 50 43 46 cf 75 99 67 82 af 43 b3 86 fb 36 8a b6 20 1b 3e 46 77 54 93 2c 6e 9b 8f 87 08 09 29 c9 6d ab e7 b9 da 0e 0e 60 6a 2c b9 e2 15 ff 84 ae b3 0d 27 ae d3 5f ba e7 b6 14 31 9c 15 8e c0 31 73 33 a6 e3 7e f3 9a e3 ab ff ad b7 2e cd ff 19 99 8d 9c 55 e1 9c f9 a6 33 8b a8 35 a2 32 7d 22 a7 a1 e6 fc b2 19 e9 e8 1a bb 4c 37 c0 d8 a6 32 cd fa 55 44 ae 4a f7 a1 58 e7 f9 32 de 53 31 5f d1 5e e9 a0 32 79 f1 9c a3 76 c0 0e f1 5a 85 7b 7b c7 b2 5d d2 ae d4 1f 30 1a 04 22 89 0a c5 34 5c 98 63 fa 68 c3 a6 25 8c 36 db f4 4d 29 5a 17 87 3c 9e 45 fd c3 7f 07 f5 a1 02 4c 04 1c 2c af 7d d9 88 8b cc e1 a6 30 9b 3d 23 17 25 2d b9 50 e0 86 b2 64 da 15 27 21 46 09 e6 52 78 ab 17 df 55 4d 46 68 db ff
                            Data Ascii: (-QVVW EDpE+PCFugC6 >FwT,n)m`j,'_11s3~.U352}"L72UDJX2S1_^2yvZ{{]0"4\ch%6M)Z<EL,}0=#%-Pd'!FRxUMFh
                            2024-09-19 19:40:17 UTC1378INData Raw: db 67 5a 6c 1b 70 42 c9 09 4d 0a 35 c6 2a fa e2 61 22 df 28 f8 00 af 0e 8d a2 cc a3 5e c8 5f 9d 0b 89 19 d2 de 92 6b d6 d3 3f 44 4a 3c b3 54 54 c1 1a 15 e0 48 fd ee d4 7c 91 45 ff 1a e1 41 e0 ac 3c 7c e3 2b 5d a5 3a cc 26 f2 9d 0d 6c cc fa e8 d1 1a 07 71 9b 0b 86 a0 3d f8 1b 9b 0c 4d fb 83 80 15 ee 38 1b eb 31 65 e7 52 d6 68 dd 46 d6 77 21 0b 64 19 6e d8 0a 47 3e bb b4 9a 8e 46 56 7e ed ec ad 08 4c fe c5 fc f0 8c ff aa ad da c9 58 e5 cb 48 0b b6 ad 5d d8 ff 5e cc 95 94 7c 25 47 ee 7d de eb 38 8b ce 0e c9 53 4e ef 40 89 a1 3c a4 28 05 4c 2f 3a f9 6c 27 b7 07 ea 16 92 b9 22 38 84 b9 77 91 f4 28 eb 22 3d 7c a7 27 05 8c 9a 4f 29 66 58 09 d9 6a 0a d8 64 6b 62 cb 3f cf 73 47 68 c5 86 7a e7 5c 14 40 4e 50 0e b6 ae 48 b0 41 7f af 85 5b 25 28 40 5a f5 b6 fc 42 35
                            Data Ascii: gZlpBM5*a"(^_k?DJ<TTH|EA<|+]:&lq=M81eRhFw!dnG>FV~LXH]^|%G}8SN@<(L/:l'"8w("=|'O)fXjdkb?sGhz\@NPHA[%(@ZB5
                            2024-09-19 19:40:17 UTC1378INData Raw: 59 8d 01 cd 17 03 3b 3b 61 4d 14 6b ed fd 32 9a fb a0 5a 0d 49 7f b0 ed 31 8c 01 23 9b 8c 6c 35 eb 89 51 26 06 50 c3 ae 36 37 ad e7 f9 89 32 b0 16 72 9e 81 21 0d ed 49 e6 51 e6 cc cf 78 74 cf d9 93 d6 d1 e1 f2 21 51 01 bd fe d8 ff f4 1d ec a0 37 70 0c a8 cf 36 56 f0 99 3e 28 8b 14 a7 81 89 f9 07 29 b9 b1 7b 82 dd 81 d2 8c 81 82 bf 3f 9a c6 45 4f 70 9a 0b 1d 50 e1 e2 84 f8 45 b8 26 08 b1 6d 49 4c 52 de 15 01 00 77 10 e5 a8 93 f6 a1 e1 4d 08 f1 ec d7 26 a3 96 8e 3a 0f 6a da e1 bc 49 62 63 13 b2 63 e3 d9 86 02 61 3f 70 3d 8c 6a 5d e4 f8 66 00 54 aa 29 ed 8b cd bc be 5d d9 79 25 4c a6 af 01 14 3f 92 ec fc 89 e5 01 37 64 a0 2a 73 c9 e5 85 f7 c9 6f eb 9b b9 fb 5f 75 ab 29 9a 65 a8 9b c9 62 f1 37 8c 39 38 5f 7d 65 96 c0 fe c0 5c 2a ab 7a c8 d7 25 61 86 c0 bb 64
                            Data Ascii: Y;;aMk2ZI1#l5Q&P672r!IQxt!Q7p6V>(){?EOpPE&mILRwM&:jIbcca?p=j]fT)]y%L?7d*so_u)eb798_}e\*z%ad
                            2024-09-19 19:40:17 UTC1378INData Raw: 49 42 01 f8 9e 4e b8 13 5d b7 35 1c 13 60 b2 be 4e cc a4 53 f2 b5 32 92 d9 c6 59 83 c3 8b c1 07 b4 55 a2 a9 fc 87 99 7d b4 07 1b 2e 9a e8 06 17 fd d3 db 2a f6 e5 b3 62 e9 bb 6a 43 ff cd 7a c3 c6 f2 62 64 34 1a 23 f3 c0 0c 8f a4 66 b4 2d de cd 88 ad fd 5f 2f e2 50 80 82 82 ff f3 a8 3d 46 4f 03 76 46 da 0a d6 f1 7e 8f 22 40 98 70 35 d8 99 51 7c 3f fa 70 44 3f af 41 eb 93 06 15 f6 6b 52 42 44 c4 17 76 17 5d 22 82 be c2 0d 35 bf 68 55 7c 7c ca b1 69 54 22 fa b6 e4 17 ae 0f 50 0d 48 fb 93 f2 ec 7a 63 40 a8 2c 62 ff 98 44 b5 10 34 c5 dd fa 39 a9 94 e3 72 98 63 8c f0 34 88 c5 1c 3c cc f5 76 cb 1d 97 7d 58 89 cd 8a bb bf d1 4f 41 90 9a d2 d6 7b 13 b6 04 1f 2a 56 6b 31 da 75 fe 70 11 27 62 05 b4 9f 9f 01 e3 6d ca 18 35 e7 7b 1b 0f d5 c2 47 d8 e7 95 6e 04 51 d4 c4
                            Data Ascii: IBN]5`NS2YU}.*bjCzbd4#f-_/P=FOvF~"@p5Q|?pD?AkRBDv]"5hU||iT"PHzc@,bD49rc4<v}XOA{*Vk1up'bm5{GnQ
                            2024-09-19 19:40:17 UTC1378INData Raw: 28 e4 c5 ce bc eb 90 d2 8d fc 62 5b c0 bc 99 59 67 1f 00 fd 46 b8 d0 3e 3a a6 f1 0c 7d 58 6a c9 e4 21 7d 68 40 67 18 a2 77 1d 54 87 3d 9d cd 1d f8 49 ea 9e 9a ed 80 5c e7 5d 37 54 9c 71 c6 40 30 ae 9f e2 2b 90 34 c4 e2 54 fa a4 b4 bb fa ae 3f 1f 82 24 25 8c 36 e6 1e c7 6c 0e ec 12 fb 01 9c 62 70 13 52 be 77 25 ef a9 65 28 46 8f 88 64 70 cc e7 ab ad 9f 36 e2 12 89 d7 df 83 18 a6 d5 eb 8b 79 fa 77 bf fd 3e 9b a1 1c a8 5f e4 42 dc 49 9e 3f 8e eb c7 ad 5f 9c c0 2e ad 99 f6 00 fc 31 47 8f da c0 cb b4 ea 23 54 3a 4b 67 ab 14 6c bc 53 79 26 7c 8d 00 a3 e9 85 a8 2e 0d a4 ba 42 43 e7 74 07 c4 51 d7 f5 8c fb 64 1d 2a bc 6e 96 df 35 f6 8b fb e2 b5 7a 4c 09 71 17 98 ec 84 16 81 99 fe b5 c2 c6 f0 62 19 d5 13 18 e1 94 5d 47 26 58 4d 4a 9b 44 07 11 f4 6e 62 79 47 4d 39
                            Data Ascii: (b[YgF>:}Xj!}h@gwT=I\]7Tq@0+4T?$%6lbpRw%e(Fdp6yw>_BI?_.1G#T:KglSy&|.BCtQd*n5zLqb]G&XMJDnbyGM9
                            2024-09-19 19:40:17 UTC1378INData Raw: 4b 38 ac 81 c7 5a d5 34 2e ea 2c 98 d8 a0 71 d0 47 2e a1 9e 26 16 7e 1d 08 10 0d 21 db e9 d5 c9 3c 91 11 06 86 87 ba 6b 6f 49 82 04 11 77 a5 47 0f 9d 68 57 c1 1b bc 54 6f 1b 6e 77 b9 0d 05 ab 3e d9 8f 55 29 bc 71 08 5b 29 34 74 37 c6 90 4c 11 b4 1a fd 18 3e ac b2 b5 8c 95 a8 6d 5c ea f4 c3 ac 80 cd 9e 4a 97 e6 6c 2e 67 72 76 91 df 5a a1 7a fc e2 52 47 62 4d 1c 6b 53 6c fd 2e 22 f9 d5 17 d0 ee 58 6b cd 01 7c 58 74 ab 33 a8 55 d8 41 50 67 8f d3 b2 6c b2 b3 3c 77 7f 72 57 88 41 a3 37 e4 33 b7 54 2b 70 50 c4 81 8c 5a 27 af c7 06 04 e2 86 7f 68 d1 b6 b2 76 be 64 64 d1 84 dd 62 91 5a 6f dd 63 52 ab ef fc 2d ac 5c fd 0b 7f c8 4f 5f ba 92 b1 46 ca c8 cd 0f 0e 1c 31 bc 71 af f7 4b ed ba b5 4f 1b 7b 85 66 b4 63 12 43 31 78 38 b5 2f 80 60 2f c2 43 da 93 dc 67 2c e7
                            Data Ascii: K8Z4.,qG.&~!<koIwGhWTonw>U)q[)4t7L>m\Jl.grvZzRGbMkSl."Xk|Xt3UAPgl<wrWA73T+pPZ'hvddbZocR-\O_F1qKO{fcC1x8/`/Cg,


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.449743185.199.109.1534436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:31 UTC147OUTGET /Rufus_win_x64_10.0.ver HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: rufus.ie
                            2024-09-19 19:40:31 UTC648INHTTP/1.1 404 Not Found
                            Connection: close
                            Content-Length: 9379
                            Server: GitHub.com
                            Content-Type: text/html; charset=utf-8
                            Access-Control-Allow-Origin: *
                            ETag: "64d39a40-24a3"
                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
                            x-proxy-cache: MISS
                            X-GitHub-Request-Id: 8D7D:16DD:518E463:5931C63:66EC7E2D
                            Accept-Ranges: bytes
                            Age: 0
                            Date: Thu, 19 Sep 2024 19:40:31 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-nyc-kteb1890049-NYC
                            X-Cache: MISS
                            X-Cache-Hits: 0
                            X-Timer: S1726774832.845780,VS0,VE13
                            Vary: Accept-Encoding
                            X-Fastly-Request-ID: c8a20c61399d5c31abf3f5d5eca140ae6ff24eb1
                            2024-09-19 19:40:31 UTC1378INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 73 74 79 6c 65 2d 73 72 63 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 69 6d 67 2d 73 72 63 20 64 61 74 61 3a 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50
                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"> <title>P
                            2024-09-19 19:40:31 UTC1378INData Raw: 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 20 32 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 31 39 32 64 70 69 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 32 64 70 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 31 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 32 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 23 73 75
                            Data Ascii: ice-pixel-ratio: 2), only screen and ( min-resolution: 192dpi), only screen and ( min-resolution: 2dppx) { .logo-img-1x { display: none; } .logo-img-2x { display: inline-block; } } #su
                            2024-09-19 19:40:31 UTC1378INData Raw: 32 22 20 68 65 69 67 68 74 3d 22 33 32 22 20 74 69 74 6c 65 3d 22 22 20 61 6c 74 3d 22 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 43 41 41 41 41 41 67 43 41 59 41 41 41 42 7a 65 6e 72 30 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59
                            Data Ascii: 2" height="32" title="" alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prY
                            2024-09-19 19:40:31 UTC1378INData Raw: 2f 38 37 37 47 59 64 48 52 67 33 5a 6a 4d 58 46 78 65 70 51 4b 4e 53 36 73 4c 43 77 4a 78 71 4e 4e 75 46 70 69 4d 66 6a 56 73 34 5a 6a 55 61 2f 70 6d 6d 6a 65 44 36 56 6c 4a 53 38 4e 70 76 4e 54 34 51 51 37 6d 78 77 6a 53 73 4a 69 45 51 69 6d 2f 31 2b 2f 39 6c 67 4d 48 67 49 72 35 6f 68 75 78 47 31 57 43 77 39 56 71 76 31 63 6c 46 52 30 64 43 71 42 4f 44 45 6c 56 36 76 39 30 6f 67 45 44 6a 47 64 59 62 56 6a 58 68 70 61 65 6e 64 69 6f 71 4b 30 37 43 49 52 37 5a 41 71 45 34 39 50 54 30 39 42 50 4c 32 50 4d 67 54 42 79 51 47 73 59 69 5a 6c 51 44 34 75 4d 58 74 64 72 2b 4a 78 57 49 4e 68 67 49 4e 59 68 47 54 32 4d 73 4b 67 4d 72 6d 32 64 6e 5a 58 67 52 58 68 61 48 41 67 35 6a 45 4a 6f 64 55 41 48 78 75 78 34 4c 75 64 48 4a 45 39 52 64 45 64 41 2b 69 33 4a 75
                            Data Ascii: /877GYdHRg3ZjMXFxepQKNS6sLCwJxqNNuFpiMfjVs4ZjUa/pmmjeD6VlJS8NpvNT4QQ7mxwjSsJiEQim/1+/9lgMHgIr5ohuxG1WCw9Vqv1clFR0dCqBODElV6v90ogEDjGdYbVjXhpaendioqK07CIR7ZAqE49PT09BPL2PMgTByQGsYiZlQD4uMXtdr+JxWINhgINYhGT2MsKgMrm2dnZXgRXhaHAg5jEJodUAHxux4LudHJE9RdEdA+i3Ju
                            2024-09-19 19:40:31 UTC1378INData Raw: 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 45 41 41 41 41 42 41 43 41 59 41 41 41 43 71 61 58 48 65 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59 7a 6c 6b 49 6a 38 2b 49 44 78 34 4f 6e 68 74 63 47 31 6c 64 47 45 67 65 47 31 73 62 6e 4d 36 65 44 30 69 59 57 52 76 59 6d 55 36 62 6e 4d 36 62 57 56 30 59 53 38 69 49 48 67 36 65 47 31
                            Data Ascii: Rw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1
                            2024-09-19 19:40:31 UTC1378INData Raw: 62 74 34 6d 65 73 56 6d 73 57 64 31 71 53 70 48 68 64 58 64 32 66 75 50 2f 41 66 63 70 75 74 35 2f 41 38 38 78 77 79 6d 63 64 42 67 4c 71 65 6e 70 36 46 75 52 79 75 57 56 34 7a 75 2f 76 37 35 39 51 79 57 42 6a 78 6f 7a 35 74 37 36 2b 2f 67 75 6e 30 39 6d 4b 35 78 46 79 61 6b 6f 43 41 50 53 61 54 43 61 7a 4e 70 76 4e 50 6f 59 56 62 68 36 4f 31 59 4b 47 52 46 30 75 31 33 73 4e 44 51 32 37 51 4d 7a 66 70 69 41 41 4b 6a 30 6c 6e 55 36 2f 67 42 56 66 41 5a 57 32 57 57 70 77 77 56 7a 79 30 49 67 50 33 47 37 33 46 70 6a 49 36 52 45 68 41 47 41 39 71 56 52 71 41 31 62 39 6d 56 6f 42 56 79 49 43 32 74 44 69 38 58 67 32 34 2b 64 55 7a 51 69 41 62 53 2f 73 37 4f 78 38 47 32 6f 2f 33 6d 4b 43 43 2b 5a 77 30 65 66 7a 50 51 45 66 63 56 6a 59 72 41 52 58 33 64 62 56 31
                            Data Ascii: bt4mesVmsWd1qSpHhdXd2fuP/Afcput5/A88xwymcdBgLqenp6FuRyuWV4zu/v759QyWBjxoz5t76+/gun09mK5xFyakoCAPSaTCazNpvNPoYVbh6O1YKGRF0u13sNDQ27QMzfpiAAKj0lnU6/gBVfAZW2WWpwwVzy0IgP3G73FpjI6REhAGA9qVRqA1b9mVoBVyIC2tDi8Xg24+dUzQiAbS/s7Ox8G2o/3mKCC+Zw0efzPQEfcVjYrARX3dbV1
                            2024-09-19 19:40:31 UTC1111INData Raw: 50 41 4b 48 4c 45 37 52 64 77 75 59 4a 5a 6d 4e 77 7a 79 43 4d 6b 42 43 59 79 4b 52 4f 4a 42 4d 4a 6c 39 42 2f 50 58 58 43 6a 6a 6d 43 6d 44 4f 56 7a 48 33 66 69 50 70 4f 62 45 57 47 71 6f 4b 65 34 45 42 6c 38 76 31 68 6c 71 73 64 4c 76 64 32 33 6d 6b 78 48 4d 39 70 63 39 6b 4d 70 6d 6e 6f 39 48 6f 65 54 69 69 37 65 77 62 48 45 5a 50 50 78 31 7a 74 4c 53 31 74 56 33 41 6e 47 75 4d 6a 69 4e 6a 76 62 51 46 75 48 77 36 7a 44 6f 35 42 79 37 64 54 50 41 51 4e 42 67 4d 4c 72 52 61 72 54 6b 53 6c 73 31 6d 6e 77 54 37 75 77 70 39 76 69 72 78 39 51 7a 62 57 2f 48 75 56 2f 6a 35 64 2f 62 2b 36 6a 6e 69 4b 6c 6c 6c 50 38 6c 6b 65 4f 4e 4a 44 6b 2b 64 71 39 47 73 51 54 6e 43 34 66 42 31 68 65 4f 30 4b 34 37 48 77 65 37 57 64 44 72 39 6e 41 4b 67 58 77 4f 42 77 48 49
                            Data Ascii: PAKHLE7RdwuYJZmNwzyCMkBCYyKROJBMJl9B/PXXCjjmCmDOVzH3fiPpObEWGqoKe4EBl8v1hlqsdLvd23mkxHM9pc9kMpmno9HoeTii7ewbHEZPPx1ztLS1tV3AnGuMjiNjvbQFuHw6zDo5By7dTPAQNBgMLrRarTkSls1mnwT7uwp9virx9QzbW/HuV/j5d/b+6jniKlllP8lkeONJDk+dq9GsQTnC4fB1heO0K47Hwe7WdDr9nAKgXwOBwHI


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            4192.168.2.449744185.199.109.1534436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:32 UTC145OUTGET /Rufus_win_x64_10.ver HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: rufus.ie
                            2024-09-19 19:40:32 UTC648INHTTP/1.1 404 Not Found
                            Connection: close
                            Content-Length: 9379
                            Server: GitHub.com
                            Content-Type: text/html; charset=utf-8
                            Access-Control-Allow-Origin: *
                            ETag: "64d39a40-24a3"
                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
                            x-proxy-cache: MISS
                            X-GitHub-Request-Id: 17DE:16DE:5D47EF9:66609CA:66EC7E2F
                            Accept-Ranges: bytes
                            Age: 0
                            Date: Thu, 19 Sep 2024 19:40:32 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-nyc-kteb1890082-NYC
                            X-Cache: MISS
                            X-Cache-Hits: 0
                            X-Timer: S1726774832.453654,VS0,VE14
                            Vary: Accept-Encoding
                            X-Fastly-Request-ID: d38a476400fe7d752f91e8e78a89bc5f2c73953a
                            2024-09-19 19:40:32 UTC1378INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 73 74 79 6c 65 2d 73 72 63 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 69 6d 67 2d 73 72 63 20 64 61 74 61 3a 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50
                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"> <title>P
                            2024-09-19 19:40:32 UTC1378INData Raw: 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 20 32 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 31 39 32 64 70 69 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 32 64 70 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 31 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 32 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 23 73 75
                            Data Ascii: ice-pixel-ratio: 2), only screen and ( min-resolution: 192dpi), only screen and ( min-resolution: 2dppx) { .logo-img-1x { display: none; } .logo-img-2x { display: inline-block; } } #su
                            2024-09-19 19:40:32 UTC1378INData Raw: 32 22 20 68 65 69 67 68 74 3d 22 33 32 22 20 74 69 74 6c 65 3d 22 22 20 61 6c 74 3d 22 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 43 41 41 41 41 41 67 43 41 59 41 41 41 42 7a 65 6e 72 30 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59
                            Data Ascii: 2" height="32" title="" alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prY
                            2024-09-19 19:40:32 UTC1378INData Raw: 2f 38 37 37 47 59 64 48 52 67 33 5a 6a 4d 58 46 78 65 70 51 4b 4e 53 36 73 4c 43 77 4a 78 71 4e 4e 75 46 70 69 4d 66 6a 56 73 34 5a 6a 55 61 2f 70 6d 6d 6a 65 44 36 56 6c 4a 53 38 4e 70 76 4e 54 34 51 51 37 6d 78 77 6a 53 73 4a 69 45 51 69 6d 2f 31 2b 2f 39 6c 67 4d 48 67 49 72 35 6f 68 75 78 47 31 57 43 77 39 56 71 76 31 63 6c 46 52 30 64 43 71 42 4f 44 45 6c 56 36 76 39 30 6f 67 45 44 6a 47 64 59 62 56 6a 58 68 70 61 65 6e 64 69 6f 71 4b 30 37 43 49 52 37 5a 41 71 45 34 39 50 54 30 39 42 50 4c 32 50 4d 67 54 42 79 51 47 73 59 69 5a 6c 51 44 34 75 4d 58 74 64 72 2b 4a 78 57 49 4e 68 67 49 4e 59 68 47 54 32 4d 73 4b 67 4d 72 6d 32 64 6e 5a 58 67 52 58 68 61 48 41 67 35 6a 45 4a 6f 64 55 41 48 78 75 78 34 4c 75 64 48 4a 45 39 52 64 45 64 41 2b 69 33 4a 75
                            Data Ascii: /877GYdHRg3ZjMXFxepQKNS6sLCwJxqNNuFpiMfjVs4ZjUa/pmmjeD6VlJS8NpvNT4QQ7mxwjSsJiEQim/1+/9lgMHgIr5ohuxG1WCw9Vqv1clFR0dCqBODElV6v90ogEDjGdYbVjXhpaendioqK07CIR7ZAqE49PT09BPL2PMgTByQGsYiZlQD4uMXtdr+JxWINhgINYhGT2MsKgMrm2dnZXgRXhaHAg5jEJodUAHxux4LudHJE9RdEdA+i3Ju
                            2024-09-19 19:40:32 UTC1378INData Raw: 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 45 41 41 41 41 42 41 43 41 59 41 41 41 43 71 61 58 48 65 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59 7a 6c 6b 49 6a 38 2b 49 44 78 34 4f 6e 68 74 63 47 31 6c 64 47 45 67 65 47 31 73 62 6e 4d 36 65 44 30 69 59 57 52 76 59 6d 55 36 62 6e 4d 36 62 57 56 30 59 53 38 69 49 48 67 36 65 47 31
                            Data Ascii: Rw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            5192.168.2.449745185.199.109.1534436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:33 UTC142OUTGET /Rufus_win_x64.ver HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: rufus.ie
                            2024-09-19 19:40:33 UTC648INHTTP/1.1 404 Not Found
                            Connection: close
                            Content-Length: 9379
                            Server: GitHub.com
                            Content-Type: text/html; charset=utf-8
                            Access-Control-Allow-Origin: *
                            ETag: "64d39a40-24a3"
                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'
                            x-proxy-cache: MISS
                            X-GitHub-Request-Id: 5042:1700:158FBAC:17ADFCD:66EC7E30
                            Accept-Ranges: bytes
                            Age: 0
                            Date: Thu, 19 Sep 2024 19:40:33 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-ewr-kewr1740050-EWR
                            X-Cache: MISS
                            X-Cache-Hits: 0
                            X-Timer: S1726774833.081423,VS0,VE13
                            Vary: Accept-Encoding
                            X-Fastly-Request-ID: 901ea70440598c68e645cb194710d87ae87dc804
                            2024-09-19 19:40:33 UTC1378INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 73 74 79 6c 65 2d 73 72 63 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 69 6d 67 2d 73 72 63 20 64 61 74 61 3a 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50
                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"> <title>P
                            2024-09-19 19:40:33 UTC1378INData Raw: 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 20 32 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 31 39 32 64 70 69 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 32 64 70 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 31 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 32 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 23 73 75
                            Data Ascii: ice-pixel-ratio: 2), only screen and ( min-resolution: 192dpi), only screen and ( min-resolution: 2dppx) { .logo-img-1x { display: none; } .logo-img-2x { display: inline-block; } } #su
                            2024-09-19 19:40:33 UTC1378INData Raw: 32 22 20 68 65 69 67 68 74 3d 22 33 32 22 20 74 69 74 6c 65 3d 22 22 20 61 6c 74 3d 22 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 43 41 41 41 41 41 67 43 41 59 41 41 41 42 7a 65 6e 72 30 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59
                            Data Ascii: 2" height="32" title="" alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prY
                            2024-09-19 19:40:33 UTC1378INData Raw: 2f 38 37 37 47 59 64 48 52 67 33 5a 6a 4d 58 46 78 65 70 51 4b 4e 53 36 73 4c 43 77 4a 78 71 4e 4e 75 46 70 69 4d 66 6a 56 73 34 5a 6a 55 61 2f 70 6d 6d 6a 65 44 36 56 6c 4a 53 38 4e 70 76 4e 54 34 51 51 37 6d 78 77 6a 53 73 4a 69 45 51 69 6d 2f 31 2b 2f 39 6c 67 4d 48 67 49 72 35 6f 68 75 78 47 31 57 43 77 39 56 71 76 31 63 6c 46 52 30 64 43 71 42 4f 44 45 6c 56 36 76 39 30 6f 67 45 44 6a 47 64 59 62 56 6a 58 68 70 61 65 6e 64 69 6f 71 4b 30 37 43 49 52 37 5a 41 71 45 34 39 50 54 30 39 42 50 4c 32 50 4d 67 54 42 79 51 47 73 59 69 5a 6c 51 44 34 75 4d 58 74 64 72 2b 4a 78 57 49 4e 68 67 49 4e 59 68 47 54 32 4d 73 4b 67 4d 72 6d 32 64 6e 5a 58 67 52 58 68 61 48 41 67 35 6a 45 4a 6f 64 55 41 48 78 75 78 34 4c 75 64 48 4a 45 39 52 64 45 64 41 2b 69 33 4a 75
                            Data Ascii: /877GYdHRg3ZjMXFxepQKNS6sLCwJxqNNuFpiMfjVs4ZjUa/pmmjeD6VlJS8NpvNT4QQ7mxwjSsJiEQim/1+/9lgMHgIr5ohuxG1WCw9Vqv1clFR0dCqBODElV6v90ogEDjGdYbVjXhpaendioqK07CIR7ZAqE49PT09BPL2PMgTByQGsYiZlQD4uMXtdr+JxWINhgINYhGT2MsKgMrm2dnZXgRXhaHAg5jEJodUAHxux4LudHJE9RdEdA+i3Ju
                            2024-09-19 19:40:33 UTC1378INData Raw: 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 45 41 41 41 41 42 41 43 41 59 41 41 41 43 71 61 58 48 65 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59 7a 6c 6b 49 6a 38 2b 49 44 78 34 4f 6e 68 74 63 47 31 6c 64 47 45 67 65 47 31 73 62 6e 4d 36 65 44 30 69 59 57 52 76 59 6d 55 36 62 6e 4d 36 62 57 56 30 59 53 38 69 49 48 67 36 65 47 31
                            Data Ascii: Rw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1
                            2024-09-19 19:40:33 UTC1378INData Raw: 62 74 34 6d 65 73 56 6d 73 57 64 31 71 53 70 48 68 64 58 64 32 66 75 50 2f 41 66 63 70 75 74 35 2f 41 38 38 78 77 79 6d 63 64 42 67 4c 71 65 6e 70 36 46 75 52 79 75 57 56 34 7a 75 2f 76 37 35 39 51 79 57 42 6a 78 6f 7a 35 74 37 36 2b 2f 67 75 6e 30 39 6d 4b 35 78 46 79 61 6b 6f 43 41 50 53 61 54 43 61 7a 4e 70 76 4e 50 6f 59 56 62 68 36 4f 31 59 4b 47 52 46 30 75 31 33 73 4e 44 51 32 37 51 4d 7a 66 70 69 41 41 4b 6a 30 6c 6e 55 36 2f 67 42 56 66 41 5a 57 32 57 57 70 77 77 56 7a 79 30 49 67 50 33 47 37 33 46 70 6a 49 36 52 45 68 41 47 41 39 71 56 52 71 41 31 62 39 6d 56 6f 42 56 79 49 43 32 74 44 69 38 58 67 32 34 2b 64 55 7a 51 69 41 62 53 2f 73 37 4f 78 38 47 32 6f 2f 33 6d 4b 43 43 2b 5a 77 30 65 66 7a 50 51 45 66 63 56 6a 59 72 41 52 58 33 64 62 56 31
                            Data Ascii: bt4mesVmsWd1qSpHhdXd2fuP/Afcput5/A88xwymcdBgLqenp6FuRyuWV4zu/v759QyWBjxoz5t76+/gun09mK5xFyakoCAPSaTCazNpvNPoYVbh6O1YKGRF0u13sNDQ27QMzfpiAAKj0lnU6/gBVfAZW2WWpwwVzy0IgP3G73FpjI6REhAGA9qVRqA1b9mVoBVyIC2tDi8Xg24+dUzQiAbS/s7Ox8G2o/3mKCC+Zw0efzPQEfcVjYrARX3dbV1
                            2024-09-19 19:40:33 UTC1111INData Raw: 50 41 4b 48 4c 45 37 52 64 77 75 59 4a 5a 6d 4e 77 7a 79 43 4d 6b 42 43 59 79 4b 52 4f 4a 42 4d 4a 6c 39 42 2f 50 58 58 43 6a 6a 6d 43 6d 44 4f 56 7a 48 33 66 69 50 70 4f 62 45 57 47 71 6f 4b 65 34 45 42 6c 38 76 31 68 6c 71 73 64 4c 76 64 32 33 6d 6b 78 48 4d 39 70 63 39 6b 4d 70 6d 6e 6f 39 48 6f 65 54 69 69 37 65 77 62 48 45 5a 50 50 78 31 7a 74 4c 53 31 74 56 33 41 6e 47 75 4d 6a 69 4e 6a 76 62 51 46 75 48 77 36 7a 44 6f 35 42 79 37 64 54 50 41 51 4e 42 67 4d 4c 72 52 61 72 54 6b 53 6c 73 31 6d 6e 77 54 37 75 77 70 39 76 69 72 78 39 51 7a 62 57 2f 48 75 56 2f 6a 35 64 2f 62 2b 36 6a 6e 69 4b 6c 6c 6c 50 38 6c 6b 65 4f 4e 4a 44 6b 2b 64 71 39 47 73 51 54 6e 43 34 66 42 31 68 65 4f 30 4b 34 37 48 77 65 37 57 64 44 72 39 6e 41 4b 67 58 77 4f 42 77 48 49
                            Data Ascii: PAKHLE7RdwuYJZmNwzyCMkBCYyKROJBMJl9B/PXXCjjmCmDOVzH3fiPpObEWGqoKe4EBl8v1hlqsdLvd23mkxHM9pc9kMpmno9HoeTii7ewbHEZPPx1ztLS1tV3AnGuMjiNjvbQFuHw6zDo5By7dTPAQNBgMLrRarTkSls1mnwT7uwp9virx9QzbW/HuV/j5d/b+6jniKlllP8lkeONJDk+dq9GsQTnC4fB1heO0K47Hwe7WdDr9nAKgXwOBwHI


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            6192.168.2.449746185.199.109.1534436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:33 UTC138OUTGET /Rufus_win.ver HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: rufus.ie
                            2024-09-19 19:40:33 UTC667INHTTP/1.1 200 OK
                            Connection: close
                            Content-Length: 1789
                            Server: GitHub.com
                            Content-Type: application/octet-stream
                            x-origin-cache: HIT
                            Last-Modified: Wed, 21 Aug 2024 10:44:57 GMT
                            Access-Control-Allow-Origin: *
                            ETag: "66c5c529-6fd"
                            expires: Thu, 19 Sep 2024 16:36:52 GMT
                            Cache-Control: max-age=600
                            x-proxy-cache: MISS
                            X-GitHub-Request-Id: 806F:1694:63DD877:6D10D4C:66EC50CB
                            Accept-Ranges: bytes
                            Age: 0
                            Date: Thu, 19 Sep 2024 19:40:33 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-ewr-kewr1740025-EWR
                            X-Cache: HIT
                            X-Cache-Hits: 0
                            X-Timer: S1726774834.885432,VS0,VE15
                            Vary: Accept-Encoding
                            X-Fastly-Request-ID: dce276d0dea95a3c1c068f91509cbc46a70d99d1
                            2024-09-19 19:40:33 UTC1378INData Raw: 76 65 72 73 69 6f 6e 20 3d 20 34 2e 35 2e 32 31 38 30 0a 70 6c 61 74 66 6f 72 6d 5f 6d 69 6e 20 3d 20 36 2e 32 0a 64 6f 77 6e 6c 6f 61 64 5f 75 72 6c 20 3d 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 70 62 61 74 61 72 64 2f 72 75 66 75 73 2f 72 65 6c 65 61 73 65 73 2f 64 6f 77 6e 6c 6f 61 64 2f 76 34 2e 35 2f 72 75 66 75 73 2d 34 2e 35 2e 65 78 65 0a 64 6f 77 6e 6c 6f 61 64 5f 75 72 6c 5f 78 38 36 20 3d 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 70 62 61 74 61 72 64 2f 72 75 66 75 73 2f 72 65 6c 65 61 73 65 73 2f 64 6f 77 6e 6c 6f 61 64 2f 76 34 2e 35 2f 72 75 66 75 73 2d 34 2e 35 5f 78 38 36 2e 65 78 65 0a 64 6f 77 6e 6c 6f 61 64 5f 75 72 6c 5f 61 72 6d 20 3d 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 70
                            Data Ascii: version = 4.5.2180platform_min = 6.2download_url = https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5.exedownload_url_x86 = https://github.com/pbatard/rufus/releases/download/v4.5/rufus-4.5_x86.exedownload_url_arm = https://github.com/p
                            2024-09-19 19:40:33 UTC411INData Raw: 4e 54 46 53 20 74 6f 20 6c 61 74 65 73 74 20 28 6e 6f 77 20 61 6c 77 61 79 73 20 75 73 65 73 20 74 68 65 20 6e 74 66 73 2d 33 67 20 64 72 69 76 65 72 2c 20 72 61 74 68 65 72 20 74 68 61 6e 20 74 68 65 20 62 75 67 67 79 20 41 4d 49 20 4e 54 46 53 20 6f 6e 65 29 5c 70 61 72 0a 7b 5c 70 6e 74 65 78 74 5c 66 32 5c 27 42 37 5c 74 61 62 7d 49 6e 63 72 65 61 73 65 20 62 75 66 66 65 72 20 73 69 7a 65 20 77 68 65 6e 20 63 6f 70 79 69 6e 67 20 49 53 4f 20 66 69 6c 65 73 2c 20 69 6e 20 61 6e 20 61 74 74 65 6d 70 74 20 74 6f 20 6d 69 6e 69 6d 69 7a 65 20 74 68 65 20 41 4d 49 20 4e 54 46 53 20 55 45 46 49 20 64 72 69 76 65 72 20 62 75 67 5c 70 61 72 0a 7b 5c 70 6e 74 65 78 74 5c 66 32 5c 27 42 37 5c 74 61 62 7d 49 6d 70 72 6f 76 65 20 70 61 72 74 69 74 69 6f 6e 20 63
                            Data Ascii: NTFS to latest (now always uses the ntfs-3g driver, rather than the buggy AMI NTFS one)\par{\pntext\f2\'B7\tab}Increase buffer size when copying ISO files, in an attempt to minimize the AMI NTFS UEFI driver bug\par{\pntext\f2\'B7\tab}Improve partition c


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            7192.168.2.449747185.199.109.1534436832C:\Users\user\Desktop\rufus-4.5p.exe
                            TimestampBytes transferredDirectionData
                            2024-09-19 19:40:34 UTC143OUTGET //Rufus_win.ver.sig HTTP/1.1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            User-Agent: Rufus/4.5.2180 (Windows NT 10.0)
                            Host: rufus.ie
                            2024-09-19 19:40:34 UTC667INHTTP/1.1 200 OK
                            Connection: close
                            Content-Length: 256
                            Server: GitHub.com
                            Content-Type: application/pgp-signature
                            x-origin-cache: HIT
                            Last-Modified: Wed, 21 Aug 2024 10:44:57 GMT
                            Access-Control-Allow-Origin: *
                            ETag: "66c5c529-100"
                            expires: Thu, 19 Sep 2024 16:36:52 GMT
                            Cache-Control: max-age=600
                            x-proxy-cache: MISS
                            X-GitHub-Request-Id: EDC1:16DD:4E053BD:5560A83:66EC50CC
                            Accept-Ranges: bytes
                            Age: 0
                            Date: Thu, 19 Sep 2024 19:40:34 GMT
                            Via: 1.1 varnish
                            X-Served-By: cache-ewr-kewr1740070-EWR
                            X-Cache: HIT
                            X-Cache-Hits: 0
                            X-Timer: S1726774835.543000,VS0,VE14
                            Vary: Accept-Encoding
                            X-Fastly-Request-ID: b36f6583e006d37b3c146dd93fdc7e3cb4b9df34
                            2024-09-19 19:40:34 UTC256INData Raw: 95 d8 5d d9 50 a8 84 9f 17 0e 08 5c e8 d1 e7 59 b0 b6 b2 43 1e c8 f4 4f 06 21 0b 27 77 f8 da 49 01 09 bd 55 93 43 8b 02 28 92 88 90 9a 2e ef b4 5e 8d 7c 77 25 a7 98 b0 a4 41 ff 20 17 1c 34 3c 6a 57 d3 26 90 d9 c6 fe b4 98 3c 3b e7 95 dc 68 cd 23 4a 17 07 2a f0 24 fd 22 a9 27 8b 81 9d bf 16 f7 5f ad 43 28 4f 1b 4f 17 0d 29 c0 eb 71 36 05 4e fa 02 b1 99 39 bc fc f5 f0 2e 56 70 ff 4c d0 27 7b b7 35 21 b2 9a e6 ca 4d 7c 93 9c 23 b9 35 42 04 c9 6f f2 40 fe ad 2a 40 38 ac 1f 5f 45 24 e9 69 ec c5 78 fa 4a fc b0 93 b5 fb a8 a8 91 10 2e 95 bf 6a a7 ce 81 05 57 12 9b 93 33 b8 a9 39 58 36 62 bf 40 4d c7 f8 5c c1 60 3f 74 50 b1 d0 84 7d 45 01 9f a8 6d 3a b6 60 56 94 9c e8 87 21 9e 6c df 44 1e ba e5 9f 8a 39 12 ad d0 9c 15 a0 f1 0a 85 b3 5f c5 3e 99 2e 00 38 eb b5 93
                            Data Ascii: ]P\YCO!'wIUC(.^|w%A 4<jW&<;h#J*$"'_C(OO)q6N9.VpL'{5!M|#5Bo@*@8_E$ixJ.jW39X6b@M\`?tP}Em:`V!lD9_>.8


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            • File
                            • Registry

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:15:40:09
                            Start date:19/09/2024
                            Path:C:\Users\user\Desktop\rufus-4.5p.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\rufus-4.5p.exe"
                            Imagebase:0x7ff619d80000
                            File size:1'513'032 bytes
                            MD5 hash:129E5BBF63D8299D027186EAFE92754A
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false
                            Show Windows behavior

                            File Activities

                            Show Windows behavior

                            Section Activities

                            Show Windows behavior

                            Registry Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Mutex Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Thread Activities

                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Timing Activities

                            Show Windows behavior

                            Windows UI Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Process Token Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:1
                            Start time:15:40:09
                            Start date:19/09/2024
                            Path:C:\Windows\System32\vdsldr.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\vdsldr.exe -Embedding
                            Imagebase:0x7ff740110000
                            File size:27'136 bytes
                            MD5 hash:472A05A6ADC167E9E5D2328AD98E3067
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:true
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Section Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            COM Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Thread Activities

                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:2
                            Start time:15:40:09
                            Start date:19/09/2024
                            Path:C:\Windows\System32\vds.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\vds.exe
                            Imagebase:0x7ff6b9e10000
                            File size:723'968 bytes
                            MD5 hash:0781CE7ECCD9F6318BA72CD96B5B8992
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:true
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Section Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            General

                            Target ID:8
                            Start time:15:40:26
                            Start date:19/09/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7699e0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true
                            Show Windows behavior

                            File Activities

                            Show Windows behavior

                            Section Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Mutex Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Thread Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Windows UI Activities


                            General

                            Target ID:11
                            Start time:15:41:25
                            Start date:19/09/2024
                            Path:C:\Windows\System32\vds.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\vds.exe
                            Imagebase:0x7ff6b9e10000
                            File size:723'968 bytes
                            MD5 hash:0781CE7ECCD9F6318BA72CD96B5B8992
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:false
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Section Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            Show Windows behavior

                            Memory Activities

                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                            Disassembly

                            No disassembly