
Analysis Report rufus-3.13.exe

Overview

General Information

Sample Name: rufus-3.13.exe
Analysis ID: 327315
MD5: c844fa688f3aafa80790ecd6a204bbb7
SHA1: da498e3e80186ee16620f56a601e19fbdc1f8551
SHA256: ec3136b053bd1559ad7ec1ea104113898093b886bf519e6117b138ef2e691cbb


Detection

Score: 39
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Changes autostart functionality of drives
Drops PE files with a suspicious file extension
Modifies Group Policy settings
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Enables driver privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
PE file contains strange resources
Queries device information via Setup API
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious)

Analysis Advice

Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



  • System is w10x64
  • rufus-3.13.exe (PID: 1536 cmdline: 'C:\Users\user\Desktop\rufus-3.13.exe' -install MD5: C844FA688F3AAFA80790ECD6A204BBB7)
  • rufus-3.13.exe (PID: 5920 cmdline: 'C:\Users\user\Desktop\rufus-3.13.exe' MD5: C844FA688F3AAFA80790ECD6A204BBB7)
  • rufus-3.13.exe (PID: 6176 cmdline: 'C:\Users\user\Desktop\rufus-3.13.exe' /install MD5: C844FA688F3AAFA80790ECD6A204BBB7)
  • rufus-3.13.exe (PID: 6380 cmdline: 'C:\Users\user\Desktop\rufus-3.13.exe' /load MD5: C844FA688F3AAFA80790ECD6A204BBB7)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview


Source: C:\Users\user\Desktop\rufus-3.13.exe, Code function: 0_2_01369852 CryptAcquireContextW,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,CryptDestroyHash,CryptReleaseContext,
Source: C:\Users\user\Desktop\rufus-3.13.exe, Code function: 0_2_01368A23 calloc,GetModuleHandleW,GetModuleFileNameW,GetLastError,CryptQueryObject,Sleep,CryptMsgGetParam,CryptMsgGetParam,CertFindCertificateInStore,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,calloc,CryptMsgGetParam,CertGetNameStringA,_strcmpi,CertGetNameStringA,
Source: C:\Users\user\Desktop\rufus-3.13.exe, Code function: 2_2_01368A23 calloc,GetModuleHandleW,GetModuleFileNameW,GetLastError,CryptQueryObject,Sleep,CryptMsgGetParam,CryptMsgGetParam,CertFindCertificateInStore,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,calloc,CryptMsgGetParam,CertGetNameStringA,_strcmpi,CertGetNameStringA,
Source: C:\Users\user\Desktop\rufus-3.13.exe, Code function: 2_2_0137B8CB CryptMsgGetParam,GetLastError,_snprintf,strlen,calloc,FormatMessageW,GetLastError,WideCharToMultiByte,??3@YAXPAX@Z,SetLastError,SetLastError,GetLastError,_snprintf,SetLastError,_snprintf,

Spreading:

Changes autostart functionality of drives
Source: C:\Users\user\Desktop\rufus-3.13.exe, Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\group policy objects\{65E08F51-2120-42E3-9C4F-9D2F5D4CEE1E}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutorun
Source: rufus-3.13.exe, Binary or memory string: Using autorun.inf label for drive %c: '%s'
Source: rufus-3.13.exe, Binary or memory string: Ignoring autorun.inf label for drive %c: %s
Source: rufus-3.13.exe, Binary or memory string: #:\autorun.inf
Source: rufus-3.13.exe, Binary or memory string: creates an autorun.inf)" t MSG_167 "Install an MBR that allows boot selection and can masquerade the BIOS USB drive ID" t MSG_168 "Try to masquerade first bootable USB drive (usually 0x80) as a different disk.\n" "This should only be necessary if you insta
Source: rufus-3.13.exe, Binary or memory string: . (autorun.inf .)" t MSG_167 " MBR BIO
Source: rufus-3.13.exe, Binary or memory string: autorun.inf
Source: rufus-3.13.exe, Binary or memory string: %sautorun.inf
Source: rufus-3.13.exe, Binary or memory string: t MSG_165 "Klik untuk memilih sebuah image..." t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)" t MSG_167 "Menginstal MBR memungkinkan untuk boot dan dapat memanipulasi ID perangkat USB di
Source: rufus-3.13.exe, Binary or memory string: [autorun] icon = autorun.ico label = %s
Source: rufus-3.13.exe, Binary or memory string: tellen (maakt een autorun.inf aan)" t MSG_167 "Installeert een MBR die een opstartselectie toestaat en de BIOS USB-drive ID kan verbergen" t MSG_168 "Probeert de eerste opstartbare USB drive (gewoonlijk 0x80) voor te laten doen als een andere schijf.\nDit is
Source: rufus-3.13.exe, Binary or memory string: mbuat cakera boot" t MSG_165 "Klik untuk memilih atau memuat turun imej..." t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)" t MSG_167 "Memasang MBR yang membenarkan pilihan b
Source: rufus-3.13.exe, Binary or memory string: box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.13.exe, Binary or memory string: " t MSG_164 "" t MSG_165 "..." t MSG_166 " ( autorun.inf)" t MSG_
Source: rufus-3.13.exe, Binary or memory string: [autorun]icon = autorun.icolabel = %s
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.13.exe, 00000000.00000002.613957668.0000000001434000.00000040.00020000.sdmp, Binary or memory string: bytesthe device for bad blocks using a test patternbytesk this box to use the "slow" format methodbytes that will be used to make the drive bootablebytesto select or download an image...kilobytes box to allow the display of international labels and set a device icon (creates an autorun.inf)kilobytes MBR that allows boot selection and can masquerade the BIOS USB drive IDkilobytesquerade first bootable USB drive (usually 0x80) as a different disk.
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, Binary or memory string: NtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %d vs. %d)\\.\%c:\\.\#:Failed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELNo medialabelIgnoring autorun.inf label for drive %c: %sUsing autorun.inf label for drive %c: '%s'#:\autorun.inf%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not unmount drive: %sCould not mount %s as %C:%s was successfully mounted as %C:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, Binary or memory string: @FATLarge FAT32Invalid logical volume handleIOCTL_DISK_GET_DRIVE_GEOMETRY error: %sFailed to get device geometry (both regular and _ex)IOCTL_DISK_GET_PARTITION_INFO error: %sFailed to get partition info (both regular and _ex)This drive is too small for FAT32 - there must be at least 64K clustersThis drive is too big for FAT32 - max 2TB supportedFailed to allocate memoryformat_fat32.cSectorsPerCluster > 0This drive has more than 2^28 clusters, try to specify a larger cluster size or use the defaultFAT32 must have at least 65536 clusters, try to specify a smaller cluster size or use the defaultThis drive is too big for large FAT32 formatSize : %s %u sectorsCluster size %d bytes, %d bytes per sectorVolume ID is %x:%x%d Reserved sectors, %d sectors per FAT, %d FATs%d Total clusters%d Free clustersClearing out %d sectors for reserved sectors, FATs and root cluster...Error clearing reserved sectorsInitializing reserved sectors and FATs...FAT #%d sector at address: %dCould not write partition boot record - drive may not boot...Setting label...Could not set label: %sFormat completed.NO NAME iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, Binary or memory string: [autorun]
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, Binary or memory string: Error allocating file name%s%s/%srufus_files%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://goo.gl/QTobxX.
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacijonalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: m souboru autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: e un fichier autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: hoz (egy autorun.inf f
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: un file autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: . (autorun.inf
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: (sukuria autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: autorun.inf"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: ier autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: uje autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: boru autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: autorun.inf
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, Binary or memory string: t autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmpBinary or memory string: NtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %d vs. %d)\\.\%c:\\.\#:Failed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELNo medialabelIgnoring autorun.inf label for drive %c: %sUsing autorun.inf label for drive %c: '%s'#:\autorun.inf%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not unmount drive: %sCould not mount %s as %C:%s was successfully mounted as %C:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmpBinary or memory string: @FATLarge FAT32Invalid logical volume handleIOCTL_DISK_GET_DRIVE_GEOMETRY error: %sFailed to get device geometry (both regular and _ex)IOCTL_DISK_GET_PARTITION_INFO error: %sFailed to get partition info (both regular and _ex)This drive is too small for FAT32 - there must be at least 64K clustersThis drive is too big for FAT32 - max 2TB supportedFailed to allocate memoryformat_fat32.cSectorsPerCluster > 0This drive has more than 2^28 clusters, try to specify a larger cluster size or use the defaultFAT32 must have at least 65536 clusters, try to specify a smaller cluster size or use the defaultThis drive is too big for large FAT32 formatSize : %s %u sectorsCluster size %d bytes, %d bytes per sectorVolume ID is %x:%x%d Reserved sectors, %d sectors per FAT, %d FATs%d Total clusters%d Free clustersClearing out %d sectors for reserved sectors, FATs and root cluster...Error clearing reserved sectorsInitializing reserved sectors and FATs...FAT #%d sector at address: %dCould not write partition boot record - drive may not boot...Setting label...Could not set label: %sFormat completed.NO NAME iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmpBinary or memory string: [autorun]
Source: rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmpBinary or memory string: Error allocating file name%s%s/%srufus_files%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://goo.gl/QTobxX.
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacijonalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: m souboru autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: e un fichier autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: hoz (egy autorun.inf f
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: un file autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: . (autorun.inf
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: (sukuria autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: ier autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: uje autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: boru autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmpBinary or memory string: t autorun.inf)"
Source: rufus-3.13.exe, 00000002.00000002.207895497.0000000001100000.00000004.00000001.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacijonalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: m souboru autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: e un fichier autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: hoz (egy autorun.inf f
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: un file autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: . (autorun.inf
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: (sukuria autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: ier autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: uje autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: boru autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: autorun.inf
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmpBinary or memory string: t autorun.inf)"
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: Ignoring autorun.inf label for drive %c: %s
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: Using autorun.inf label for drive %c: '%s'
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: #:\autorun.inf
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: NtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %d vs. %d)\\.\%c:\\.\#:Failed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELNo medialabelIgnoring autorun.inf label for drive %c: %sUsing autorun.inf label for drive %c: '%s'#:\autorun.inf%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not unmount drive: %sCould not mount %s as %C:%s was successfully mounted as %C:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: %sautorun.inf
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: @FATLarge FAT32Invalid logical volume handleIOCTL_DISK_GET_DRIVE_GEOMETRY error: %sFailed to get device geometry (both regular and _ex)IOCTL_DISK_GET_PARTITION_INFO error: %sFailed to get partition info (both regular and _ex)This drive is too small for FAT32 - there must be at least 64K clustersThis drive is too big for FAT32 - max 2TB supportedFailed to allocate memoryformat_fat32.cSectorsPerCluster > 0This drive has more than 2^28 clusters, try to specify a larger cluster size or use the defaultFAT32 must have at least 65536 clusters, try to specify a smaller cluster size or use the defaultThis drive is too big for large FAT32 formatSize : %s %u sectorsCluster size %d bytes, %d bytes per sectorVolume ID is %x:%x%d Reserved sectors, %d sectors per FAT, %d FATs%d Total clusters%d Free clustersClearing out %d sectors for reserved sectors, FATs and root cluster...Error clearing reserved sectorsInitializing reserved sectors and FATs...FAT #%d sector at address: %dCould not write partition boot record - drive may not boot...Setting label...Could not set label: %sFormat completed.NO NAME iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: [autorun]
Source: rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp Binary or memory string: Error allocating file name%s%s/%srufus_files%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://goo.gl/QTobxX.
Source: rufus-3.13.exe, 00000005.00000002.219236145.00000000037B0000.00000004.00000001.sdmp Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.13.exe, 00000007.00000002.228556491.0000000001180000.00000004.00000001.sdmp Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: Ignoring autorun.inf label for drive %c: %s
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: Using autorun.inf label for drive %c: '%s'
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: #:\autorun.inf
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: NtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %d vs. %d)\\.\%c:\\.\#:Failed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELNo medialabelIgnoring autorun.inf label for drive %c: %sUsing autorun.inf label for drive %c: '%s'#:\autorun.inf%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not unmount drive: %sCould not mount %s as %C:%s was successfully mounted as %C:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: %sautorun.inf
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: @FATLarge FAT32Invalid logical volume handleIOCTL_DISK_GET_DRIVE_GEOMETRY error: %sFailed to get device geometry (both regular and _ex)IOCTL_DISK_GET_PARTITION_INFO error: %sFailed to get partition info (both regular and _ex)This drive is too small for FAT32 - there must be at least 64K clustersThis drive is too big for FAT32 - max 2TB supportedFailed to allocate memoryformat_fat32.cSectorsPerCluster > 0This drive has more than 2^28 clusters, try to specify a larger cluster size or use the defaultFAT32 must have at least 65536 clusters, try to specify a smaller cluster size or use the defaultThis drive is too big for large FAT32 formatSize : %s %u sectorsCluster size %d bytes, %d bytes per sectorVolume ID is %x:%x%d Reserved sectors, %d sectors per FAT, %d FATs%d Total clusters%d Free clustersClearing out %d sectors for reserved sectors, FATs and root cluster...Error clearing reserved sectorsInitializing reserved sectors and FATs...FAT #%d sector at address: %dCould not write partition boot record - drive may not boot...Setting label...Could not set label: %sFormat completed.NO NAME iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: [autorun]
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: autorun.inf
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp Binary or memory string: Error allocating file name%s%s/%srufus_files%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://goo.gl/QTobxX.
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Croatian, translated): t MSG_166 "Check this to allow the display of international labels and create an icon (creates autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Czech, translated; truncated): …by creating the autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Danish, translated; truncated): …Select this option to allow the display of international labels and create a device icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Dutch, translated): t MSG_166 "Check to allow the display of international labels and set a device icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Finnish, translated; truncated): …display and to set a device icon (creates an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (French, translated; truncated): …creates an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (German, translated; truncated): …to create a device icon (autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Hungarian, translated; truncated): …(an autorun.inf f…
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Indonesian, translated): t MSG_166 "Check this box to display international labels and set a device icon (creates autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Italian, translated; truncated): …an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: . (autorun.inf
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Latvian, translated; truncated): …to create a device icon (an autorun.inf file is created)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Lithuanian, translated; truncated): …(creates autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Malay, translated): t MSG_166 "Click this box to allow the display of international labels and set a disk icon (will create an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Norwegian, translated; truncated): …allow the display of international labels and create a drive icon (creates an autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: autorun.inf"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Polish, translated; truncated): …device (creates an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Brazilian Portuguese, translated; truncated): …icon for the drive (creates an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (European Portuguese, translated; truncated): …icon for the drive (creates an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Romanian, translated; truncated): …autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: uje autorun.inf)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Slovak, translated; truncated): …autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Slovenian, translated; truncated): …enable the display of \"international\" volume labels and set an icon for the device (this creates the autorun.inf file)."
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Spanish, translated; truncated): …to allow international characters to be displayed and set an icon for the drive (creates an autorun.inf file)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Swedish, translated; truncated): …set a device icon (an autorun.inf is created)"
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: autorun.inf
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string (Turkish, translated; truncated): …set the device icon (creates autorun.inf…
Source: rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp Binary or memory string: t autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string: "and set a device icon (creates an autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string: autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Croatian, translated): t MSG_166 "Check this to allow the display of international labels and create an icon (creates autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Czech, translated; truncated): …by creating the autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Danish, translated; truncated): …Select this option to allow the display of international labels and create a device icon (creates an autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Dutch, translated): t MSG_166 "Check to allow the display of international labels and set a device icon (creates an autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Finnish, translated; truncated): …display and to set a device icon (creates an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (French, translated; truncated): …creates an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (German, translated; truncated): …to create a device icon (autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Hungarian, translated; truncated): …(an autorun.inf f…
Source: Ruf345A.tmp.0.dr Binary or memory string (Indonesian, translated): t MSG_166 "Check this box to display international labels and set a device icon (creates autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Italian, translated; truncated): …an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string: autorun.inf
Source: Ruf345A.tmp.0.dr Binary or memory string: . (autorun.inf
Source: Ruf345A.tmp.0.dr Binary or memory string (Latvian, translated; truncated): …to create a device icon (an autorun.inf file is created)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Lithuanian, translated; truncated): …(creates autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Malay, translated): t MSG_166 "Click this box to allow the display of international labels and set a disk icon (will create an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Norwegian, translated; truncated): …allow the display of international labels and create a drive icon (creates an autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string: autorun.inf"
Source: Ruf345A.tmp.0.dr Binary or memory string (Polish, translated; truncated): …device (creates an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Brazilian Portuguese, translated; truncated): …icon for the drive (creates an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (European Portuguese, translated; truncated): …icon for the drive (creates an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Romanian, translated; truncated): …autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string: uje autorun.inf)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Slovak, translated; truncated): …autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Slovenian, translated; truncated): …enable the display of \"international\" volume labels and set an icon for the device (this creates the autorun.inf file)."
Source: Ruf345A.tmp.0.dr Binary or memory string (Spanish, translated; truncated): …to allow international characters to be displayed and set an icon for the drive (creates an autorun.inf file)"
Source: Ruf345A.tmp.0.dr Binary or memory string (Swedish, translated; truncated): …set a device icon (an autorun.inf is created)"
Source: Ruf345A.tmp.0.dr Binary or memory string: autorun.inf
Source: Ruf345A.tmp.0.dr Binary or memory string (Turkish, translated; truncated): …set the device icon (creates autorun.inf…
Source: Ruf345A.tmp.0.dr Binary or memory string: t autorun.inf)"
Source: C:\Users\user\Desktop\rufus-3.13.exe Code function: 0_2_0134F9DA GetLogicalDriveStringsA,toupper,strlen,
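The autorun.inf strings above belong to two code paths visible in the same dumps: writing an [autorun] file with an icon and a label when the "display international labels and set a device icon" option is enabled (the adjacent "w, ccs=UTF-16LE" open-mode string suggests the file is written as UTF-16LE with a BOM), and reading the label back from an autorun.inf that already exists on the drive ("Using autorun.inf label for drive %c"). What separates such a file from the autorun.inf a USB worm drops is the presence of execution directives (open, shellexecute, shell\...\command). The block below is an added example, not Rufus's or Joe Sandbox's code: it decodes an autorun.inf with BOM sniffing, parses the [autorun] section and classifies it. Both input files are constructed for the demo.

```python
"""Triage autorun.inf files found on removable media (added example; not Rufus code).

Separates label/icon-only files, the kind the "creates an autorun.inf" option
produces, from files carrying execution directives of the kind USB worms used.
The two sample files at the bottom are constructed for this demo.
"""
from __future__ import annotations

import configparser

COSMETIC_KEYS = {"label", "icon"}                               # only affect Explorer's display
ACTION_KEYS = {"open", "shellexecute", "useautoplay", "action"}  # run code / alter AutoPlay or context menu


def decode_inf(data: bytes) -> str:
    """Decode with BOM sniffing: UTF-16LE (what the sample appears to write), UTF-8, else cp1252."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8")
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("cp1252", errors="replace")


def parse_autorun(text: str) -> dict[str, str | None]:
    """Return the keys of the [autorun] section, lower-cased; the section name is case-insensitive."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True, delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def classify(data: bytes) -> tuple[str, list[str]]:
    """Classify a raw autorun.inf: (verdict, offending or unexpected keys)."""
    keys = parse_autorun(decode_inf(data))
    if not keys:
        return "no-directives", []
    # Any shell\<verb>\command key, a default "shell" verb, open= or shellexecute= is execution-related.
    actions = sorted(k for k in keys if k in ACTION_KEYS or k.startswith("shell"))
    if actions:
        return "action-directives", actions
    extra = sorted(set(keys) - COSMETIC_KEYS)
    if extra:
        return "other-keys", extra
    return "label-icon-only", []


# Constructed sample: the shape of a label/icon-only file, UTF-16LE with BOM.
LABEL_ICON_INF = (
    "\ufeff; Created by Rufus 3.13 (constructed sample)\r\n"
    "[autorun]\r\nicon=autorun.ico\r\nlabel=Ubuntu 20.04 LTS amd64\r\n"
).encode("utf-16-le")

# Constructed sample: the shape of a USB-worm file (ANSI, mixed-case keys, execution directives).
WORM_INF = (
    b"[AutoRun]\r\nOpen=setup.exe\r\nShellExecute=setup.exe\r\n"
    b"shell\\open\\Command=setup.exe\r\nicon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
)

if __name__ == "__main__":
    for name, blob in (("label/icon file", LABEL_ICON_INF), ("worm-style file", WORM_INF)):
        print(f"{name}: {classify(blob)}")
```

Since Windows 7 (and on earlier versions with update KB971029) Explorer ignores the action directives on USB drives and only honours AutoRun from optical media, while label and icon are still applied; the classification above therefore speaks to the intent of whoever wrote the file, not to whether its directives would still fire.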
Source: Joe Sandbox View IP Address: 140.82.121.3
Source: Joe Sandbox View IP Address: 185.199.111.153
Both addresses are GitHub's (140.82.112.0/20 serves github.com; 185.199.108.0/22 is GitHub Pages), consistent with the github.com release URLs and the rufus.ie update files listed below; the "seen in connection with other malware" match is on shared GitHub infrastructure.
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
JA3 fingerprints the TLS ClientHello, which for a WinINet client (see the InternetConnectA/HttpOpenRequestA code function below) is produced by Windows SChannel; the value therefore identifies the OS TLS stack and is shared with every other WinINet-based program on that Windows build.
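JA3 hashes only five fields of the ClientHello: the version, the cipher-suite list, the extension-type list, the supported groups and the EC point formats, all in decimal, with GREASE values removed. As an added example (not Joe Sandbox's or Rufus's code), the block below builds a constructed ClientHello, computes the JA3 string and hash, and shows that changing the SNI leaves the fingerprint unchanged; the hash it prints is for the synthetic hello and is not the value reported above.

```python
"""Compute a JA3 fingerprint from a TLS ClientHello record (added example).

JA3 = MD5("version,ciphers,extensions,supported_groups,ec_point_formats"); lists are
'-'-joined decimals and GREASE values are dropped. Nothing else in the ClientHello
(SNI, random, key shares) is hashed, which is why the value identifies the TLS
library rather than the program using it. The hello built here is synthetic.
"""
import hashlib
import struct

GREASE = {(0x0A + 0x10 * i) * 0x101 for i in range(16)}  # 0x0a0a, 0x1a1a, ..., 0xfafa


def ja3_from_client_hello(record: bytes) -> tuple[str, str]:
    """Return (ja3_string, ja3_md5) for a TLS record that carries a ClientHello."""
    if record[0] != 0x16:                                  # record type: handshake
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if body[0] != 0x01:                                    # handshake type: ClientHello
        raise ValueError("not a ClientHello")
    ch = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack("!H", ch[0:2])[0]
    pos = 2 + 32                                           # skip client_random
    pos += 1 + ch[pos]                                     # skip legacy_session_id
    cs_len = struct.unpack("!H", ch[pos:pos + 2])[0]
    pos += 2
    ciphers = [c for c in struct.unpack(f"!{cs_len // 2}H", ch[pos:pos + cs_len]) if c not in GREASE]
    pos += cs_len
    pos += 1 + ch[pos]                                     # skip compression_methods
    exts, groups, formats = [], [], []
    if pos < len(ch):
        end = pos + 2 + struct.unpack("!H", ch[pos:pos + 2])[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack("!HH", ch[pos:pos + 4])
            pos += 4
            edata = ch[pos:pos + elen]
            pos += elen
            if etype in GREASE:
                continue
            exts.append(etype)
            if etype == 10:                                # supported_groups
                n = struct.unpack("!H", edata[:2])[0]
                groups = [g for g in struct.unpack(f"!{n // 2}H", edata[2:2 + n]) if g not in GREASE]
            elif etype == 11:                              # ec_point_formats
                formats = list(edata[1:1 + edata[0]])
    fields = [str(version)] + ["-".join(map(str, lst)) for lst in (ciphers, exts, groups, formats)]
    ja3 = ",".join(fields)
    return ja3, hashlib.md5(ja3.encode(), usedforsecurity=False).hexdigest()


def build_client_hello(version: int, ciphers: list[int], extensions: list[tuple[int, bytes]]) -> bytes:
    """Wrap a ClientHello (zero random, empty session id, null compression) in a TLS record."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"
    hello += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    hello += b"\x01\x00"
    hello += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def sample_client_hello(sni: bytes) -> bytes:
    """Constructed ClientHello: four real suites plus GREASE padding that JA3 must ignore."""
    server_name = struct.pack("!HBH", len(sni) + 3, 0, len(sni)) + sni
    exts = [
        (0, server_name),                                  # server_name (not part of JA3)
        (10, b"\x00\x06\x00\x1d\x00\x17\x00\x18"),          # supported_groups: x25519, P-256, P-384
        (11, b"\x01\x00"),                                 # ec_point_formats: uncompressed
        (13, b"\x00\x04\x04\x03\x08\x04"),                 # signature_algorithms
        (43, b"\x04\x03\x04\x03\x03"),                     # supported_versions: 1.3, 1.2
        (0x1A1A, b"\x00"),                                 # GREASE extension
    ]
    return build_client_hello(0x0303, [0x0A0A, 0x1301, 0x1302, 0xC02B, 0xC02F], exts)


if __name__ == "__main__":
    print(ja3_from_client_hello(sample_client_hello(b"rufus.ie")))
```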
Source: C:\Users\user\Desktop\rufus-3.13.exe Code function: 0_2_01363280 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,GetVersionExA,InternetCrackUrlA,_snprintf,InternetConnectA,??3@YAXPAX@Z,??3@YAXPAX@Z,_snprintf,strlen,HttpOpenRequestA,HttpSendRequestA,HttpQueryInfoA,InternetCloseHandle,HttpQueryInfoA,SystemTimeToFileTime,_snprintf,HttpQueryInfoA,calloc,InternetReadFile,_snprintf,??3@YAXPAX@Z,??3@YAXPAX@Z,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,Sleep,PostMessageW,RtlExitUserThread,_strtoi64,??3@YAXPAX@Z,_snprintf,GetSystemTime,SystemTimeToFileTime,
The seven GetProcAddress calls resolve imports at run time; the WinINet sequence that follows (InternetCrackUrlA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile) is an ordinary HTTP download whose result is posted back to the UI thread with PostMessageW, consistent with the .ver update-check URLs listed further down.
Source: unknown DNS traffic detected: queries for: rufus.ie
Source: rufus-3.13.exe, 00000002.00000002.207914906.0000000001207000.00000004.00000020.sdmp String found in binary or memory: http://crl.comodoca.com
Source: rufus-3.13.exe String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: rufus-3.13.exe String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: http://e2fsprogs.sourceforge.net/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp String found in binary or memory: http://freedos.sourceforge.net/freecom
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: http://fsf.org/
Source: rufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp, Ruf345A.tmp.0.dr String found in binary or memory: http://halamix2.pl
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: http://ms-sys.sourceforge.net/
Source: rufus-3.13.exe, 00000002.00000002.207914906.0000000001207000.00000004.00000020.sdmp String found in binary or memory: http://ocsp.comod
Source: rufus-3.13.exe String found in binary or memory: http://ocsp.comodoca.com0
Source: rufus-3.13.exe String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: rufus-3.13.exe String found in binary or memory: http://s.symcd.com06
Source: rufus-3.13.exe String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: rufus-3.13.exe, 00000007.00000002.228502134.0000000000E87000.00000004.00000020.sdmp String found in binary or memory: http://ts-crl.ws.s
Source: rufus-3.13.exe String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rufus-3.13.exe String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://7-zip.org/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://axialis.com/
Source: rufus-3.13.exe, 00000007.00000002.228502134.0000000000E87000.00000004.00000020.sdmp String found in binary or memory: https://d.sy
Source: rufus-3.13.exe String found in binary or memory: https://d.symcb.com/cps0%
Source: rufus-3.13.exe String found in binary or memory: https://d.symcb.com/rpa0
Source: rufus-3.13.exe String found in binary or memory: https://d.symcb.com/rpa0.
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp, Ruf345A.tmp.0.dr String found in binary or memory: https://github.com/Chocobo1
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/chenall/grub4dos
Source: rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/Fido
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Fido[1].ver.0.dr String found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Fido[1].ver.0.dr String found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.17/Fido.ps1.lzma
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/bled
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txt
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/rufus/issues
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13_arm.exe
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13_arm64.exe
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#BSODs_with_Windows_To_Go_drives_created_from_Windows_10_18
Source: rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFS
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFSSecure
Source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/uefi-ntfs.
Source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp String found in binary or memory: https://github.com/pbatard/uefi-ntfs.MZ
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://github.com/weidai11/cryptopp/
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://goo.gl/QTobxX.
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://goo.gl/QTobxX.;
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://kolibrios.org/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://processhacker.sourceforge.io/
Source: rufus-3.13.exe String found in binary or memory: https://rufus.ie
Source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie).
Source: rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie/
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie/CheckForBetashttps://rufus.ieUsing
Source: rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie/Fido.ver
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:
Source: rufus-3.13.exe, 00000000.00000003.265712986.0000000003490000.00000004.00000001.sdmp String found in binary or memory: https://rufus.ie/Rufus_win_x64.ver
Source: rufus-3.13.exe, 00000000.00000003.265550931.0000000003490000.00000004.00000001.sdmp String found in binary or memory: https://rufus.ie/Rufus_win_x64_10.ver
Source: rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie/files
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie/files%s/%s-%s/%sGrub2%s
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://rufus.ie321Failed
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://sourceforge.net/projects/smartmontools
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://svn.reactos.org/reactos/trunk
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://syslinux.org/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://tortoisegit.org/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://tortoisesvn.net/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://winscp.net/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://www.7-zip.org
Source: rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://www.7-zip.orgopen2.04rufus_filescore.imggrub%s-%s/%srbWill
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://www.busybox.net/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://www.codeguru.com/forum/showthread.php?p=1951973
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp String found in binary or memory: https://www.freedos.org/
The crl, ocsp and timestamp URLs on comodoca.com, symcb.com, symcd.com and ws.symantec.com come from the DER-encoded Authenticode signature (the code-signing CA chain and the timestamping chain); the characters trailing some of them, such as 0q, 0t, 0( and 06, are adjacent DER bytes that the string scanner swept up, not part of the URL. The remaining URLs are project and component references embedded in the binary together with the rufus.ie update and download endpoints.
Source: rufus-3.13.exeString found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.htmlF
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpString found in binary or memory: https://www.gnu.org/software/fdisk
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpString found in binary or memory: https://www.gnu.org/software/grub
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpString found in binary or memory: https://www.gnu.org/software/libcdio
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpString found in binary or memory: https://www.gnu.org/software/wget
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpString found in binary or memory: https://www.gnupg.org/
Source: rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpString found in binary or memory: https://www.reactos.org/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01369852 CryptAcquireContextW,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,CryptDestroyHash,CryptReleaseContext,
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0136B064 GetProcAddress,GetProcAddress,GetProcAddress,NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,_snprintf,strlen,
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0134D79D: CreateFileA,DeviceIoControl,CloseHandle,
Source: C:\Users\user\Desktop\rufus-3.13.exe | File created: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013668A4
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01363280
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013419D5
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013531D0
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0135A864
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0135E8CD
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013BE380
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013ACA38
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013A82F0
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0135E2EA
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013A2505
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013B4499
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01350CC3
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01342738
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01342F7A
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_013668A4
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_013419D5
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_013531D0
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0135A864
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0135E8CD
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_013BE380
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_013ACA38
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0135E2EA
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_013B4499
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01350CC3
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01342738
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01342F7A
Source: Joe Sandbox View | Dropped File: C:\Users\user\Desktop\rufus.com 5F819F6EAE4B5845C082EDF14CB389AB9805BC3C17440F3B5398D4FDD0079FFE
Source: C:\Users\user\Desktop\rufus-3.13.exe | Process token adjusted: Load Driver
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: String function: 0137B2B6 appears 1609 times
Source: rufus-3.13.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rufus-3.13.exe, 00000000.00000002.614771844.0000000001900000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameimageres.DLL.MUIj% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.629522537.00000000066A0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamecomdlg32.dll.muij% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.617659000.00000000038C0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameimageres.DLLj% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.630618047.00000000076F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.613476049.0000000000E60000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.624124726.0000000005400000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameOLEACCRC.DLLj% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000000.00000002.614729303.00000000018E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000002.00000002.207841965.0000000001010000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs rufus-3.13.exe
Source: rufus-3.13.exe, 00000005.00000002.219253396.00000000038B0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs rufus-3.13.exe
Source: rufus-3.13.exe | Static PE information: Section: UPX1 ZLIB complexity 0.999062753066
Source: classification engine | Classification label: sus39.spre.evad.winEXE@4/14@3/3
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0137B8CB GetLastError,_snprintf,strlen,calloc,FormatMessageW,GetLastError,WideCharToMultiByte,??3@YAXPAX@Z,SetLastError,SetLastError,GetLastError,_snprintf,SetLastError,_snprintf,
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0137A4DF FindResourceA,LoadResource,SizeofResource,calloc,LockResource,LockResource,
Source: C:\Users\user\Desktop\rufus-3.13.exe | File created: C:\Users\user\Desktop\rufus.com
Source: C:\Users\user\Desktop\rufus-3.13.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global/Rufus
Source: C:\Users\user\Desktop\rufus-3.13.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global/Rufus_CmdLine
Source: C:\Users\user\Desktop\rufus-3.13.exe | File created: C:\Users\user\AppData\Local\Temp\Ruf345A.tmp
Source: C:\Users\user\Desktop\rufus-3.13.exe | File read: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: C:\Users\user\Desktop\rufus-3.13.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\rufus-3.13.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: rufus-3.13.exe | String found in binary or memory: gen worden als het bestand al bestaat. Als er geen bestand online wordt gevonden, dan zal de standaard versie worden gebruikt." t MSG_117 "Standaard Windows-installatie" t MSG_119 "Geavanceerde eigenschappen van drive" t MSG_120 "Geavanceerde opties voor fo
Source: rufus-3.13.exe | String found in binary or memory: /boot/i386/loader/isolinux.cfg
Source: rufus-3.13.exe | String found in binary or memory: /boot/x86_64/loader/isolinux.cfg
Source: rufus-3.13.exe | String found in binary or memory: -h, --help
Source: rufus-3.13.exe | String found in binary or memory: :size Sets maximum size of line edit buffer (default:128) /MACROS Displays all DOSKey macros /OVERSTRIKE Overwrites new characters onto line when typing (default) /REINSTALL Installs a new copy of DOSKey macroname Specifie
Source: rufus-3.13.exe | String found in binary or memory: the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. To use the FOR command in a batch program, specify %%variable instead of %variable. For example: FOR %f IN (---start--- a*
Source: rufus-3.13.exe | String found in binary or memory: chten:" t MSG_132 "Ein anderer Prozess bzw. ein anderes Programm verwendet das Laufwerk gerade. Wollen Sie es trotzdem formatieren?" t MSG_133 "Rufus hat erkannt, dass Sie ein 'Windows To Go'-Startmedium, basierend auf Windows 10 Version 1809, erstellen woll
Source: unknown | Process created: C:\Users\user\Desktop\rufus-3.13.exe 'C:\Users\user\Desktop\rufus-3.13.exe' -install
Source: unknown | Process created: C:\Users\user\Desktop\rufus-3.13.exe 'C:\Users\user\Desktop\rufus-3.13.exe'
Source: unknown | Process created: C:\Users\user\Desktop\rufus-3.13.exe 'C:\Users\user\Desktop\rufus-3.13.exe' /install
Source: unknown | Process created: C:\Users\user\Desktop\rufus-3.13.exe 'C:\Users\user\Desktop\rufus-3.13.exe' /load
Source: C:\Users\user\Desktop\rufus-3.13.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}\InProcServer32
Source: C:\Users\user\Desktop\rufus-3.13.exe | File written: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\rufus-3.13.exe | Window detected: Number of UI elements: 28
Source: C:\Users\user\Desktop\rufus-3.13.exe | Window detected: Number of UI elements: 33
Source: rufus-3.13.exe | Static PE information: certificate valid
Source: rufus-3.13.exe | Static file information: File size 1156152 > 1048576
Source: rufus-3.13.exe | Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x10e200
Source: rufus-3.13.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Projects\uefi-ntfs\arm\Release\bootarm.pdb source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\aa64\Release\bootaa64.pdb source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\ia32\Release\bootia32.pdb source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\x64\Release\bootx64.pdb source: rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0134F37D GetModuleHandleA,LoadLibraryA,GetProcAddress,GetLogicalDriveStringsA,isalpha,strlen,DeviceIoControl,CloseHandle,toupper,GetDriveTypeA,_snprintf,CreateFileA,CloseHandle,
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0137AB0D push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01383E3B push eax; mov dword ptr [esp], 00000C4Dh
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01365638 push edx; mov dword ptr [esp], edi
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01365638 push ecx; mov dword ptr [esp], esi
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013626FF push edi; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0135A864 push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0135E8CD push eax; mov dword ptr [esp], esi
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0137F3EF push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0136AD83 push edx; mov dword ptr [esp], 013D4274h
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01346DEF push ecx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0135B6B0 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0135A864 push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0135E8CD push eax; mov dword ptr [esp], esi
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0137AB0D push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0137F3EF push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0136AD83 push edx; mov dword ptr [esp], 013D4274h
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01346DEF push ecx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01346DEF push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_01383E3B push eax; mov dword ptr [esp], 00000C4Dh
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 2_2_0135B6B0 push edx; mov dword ptr [esp], eax
Source: initial sample | Static PE information: section name: UPX0
Source: initial sample | Static PE information: section name: UPX1

Persistence and Installation Behavior:

Drops PE files with a suspicious file extension
Source: C:\Users\user\Desktop\rufus-3.13.exe | File created: C:\Users\user\Desktop\rufus.com
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_01349122 strstr,_strnicmp,strlen,strlen,strstr,strlen,strstr,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,strlen,strlen,strlen,strlen,??3@YAXPAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,
Source: C:\Users\user\Desktop\rufus-3.13.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\rufus.com
Source: C:\Users\user\Desktop\rufus-3.13.exe | Evasive API call chain: RegOpenKey,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\rufus-3.13.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\rufus-3.13.exe | API coverage: 4.1 %
Source: C:\Users\user\Desktop\rufus-3.13.exe | API coverage: 1.3 %
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0134F9DA GetLogicalDriveStringsA,toupper,strlen,
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | Binary or memory string: VMware__VMware_Virtual_S
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMware-Laufwerkserkennung"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "A detetar disco VMWare"
Source: rufus-3.13.exe | Binary or memory string: dimensione CORRETTA" t MSG_264 "Eliminazione cartella '%s'" t MSG_265 "Rilevamento disco VMWare" t MSG_266 "Modo duale UEFI/BIOS" t MSG_267 "Applicazione immagine Windows: %s" t MSG_268 "Applicazione immagine Windows..." t MSG_269 "Preserva data/ora" t
Source: Ruf345A.tmp.0.dr | Binary or memory string: w VMWare"
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | Binary or memory string: VMware Coredump Partition
Source: rufus-3.13.exe | Binary or memory string: 62 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare " t MSG_266 " UEFI/BIOS " t MSG_267 "
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare-levyn havaitseminen"
Source: rufus-3.13.exe, 00000000.00000002.617381037.0000000003680000.00000004.00000001.sdmp | Binary or memory string: VMWare disk detection~
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare-schijfdetectie"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Deteksi VMWare disk"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Detectare disc VMWare"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare disk detection"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMware lemez
Source: rufus-3.13.exe | Binary or memory string: PER" t MSG_264 "Menghapus direktori '%s'" t MSG_265 "Deteksi VMWare disk" t MSG_266 "Modus Dual UEFI/BIOS" t MSG_267 "Menerapkan image Windows: %s" t MSG_268 "Menerapkan image Windows..." t MSG_269 "Pertahankan timestamps" t MSG_271 "Menghitung ceksum i
Source: Ruf345A.tmp.0.dr | Binary or memory string: tection de disque VMWare"
Source: Ruf345A.tmp.0.dr | Binary or memory string: o de disco VMWare"
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | Binary or memory string: VMware Reserved Partition
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare detekce disk"
Source: Ruf345A.tmp.0.dr | Binary or memory string: vanie VMWare disku"
Source: rufus-3.13.exe, 00000000.00000002.617381037.0000000003680000.00000004.00000001.sdmp | Binary or memory string: d non-USB removable device 'VMware Virtual disk SCSI Disk Device' => Eliminated
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Zaznavanje diskov VMware"
Source: rufus-3.13.exe, 00000007.00000002.228578166.00000000012AB000.00000004.00000040.sdmp | Binary or memory string: VMWare disk detection
Source: rufus-3.13.exe | Binary or memory string: 62 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare " t MSG_266 "Dual UEFI/BIOS " t MSG_267 " Windows : %s" t
Source: rufus-3.13.exe | Binary or memory string: okongan Rock Ridge" t MSG_259 "Paksa kemas kini" t MSG_260 "Mampatan NTFS" t MSG_261 "Menulis imej: %s" t MSG_262 "Sokongan ISO" t MSG_263 "Guna saiz seunit yang BETUL" t MSG_264 "Memadam direktori '%s'" t MSG_265 "Pengesanan cakera VMWare" t MSG_266 "
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Pengesanan cakera VMWare"
Source: Ruf345A.tmp.0.dr | Binary or memory string: a VMWare"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare
Source: rufus-3.13.exe, 00000000.00000002.613957668.0000000001434000.00000040.00020000.sdmp | Binary or memory string: vable device 'VMware Virtual disk SCSI Disk Device' => Eliminated
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare disk detektering"
Source: rufus-3.13.exe | Binary or memory string: rrelsesenhet" t MSG_264 "Sletter mappe '%s'" t MSG_265 "VMWare-disk oppdagelse" t MSG_266 "Dobbel UEFI/BIOS-innstilling" t MSG_267 "Legger til Windows-bilde: %s" t MSG_268 "Legger til Windows-bilde..." t MSG_269 "Bevarer tidskode" t MSG_270 "USB-avkodin
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Rilevamento disco VMWare"
Source: rufus-3.13.exe | Binary or memory string: " t MSG_264 "'%s' " t MSG_265 "VMWare " t MSG_266 " UEFI/BIOS " t MSG_267 "Windows : %s"
Source: rufus-3.13.exe, 00000007.00000002.228578166.00000000012AB000.00000004.00000040.sdmp | Binary or memory string: VMWare disk detectionA
Source: rufus-3.13.exe | Binary or memory string: o NTFS" t MSG_261 "A criar imagem: %s" t MSG_262 "Suporte ISO" t MSG_263 "Usar unidade de tamanho APROPRIADO" t MSG_264 "A eliminar pasta '%s'" t MSG_265 "A detetar disco VMWare" t MSG_266 "Modo duplo UEFI/BIOS" t MSG_267 "Aplicar imagem Windows: %s" t
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare diskdetekteringen
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | Binary or memory string: VMware VMKCORE
Source: rufus-3.13.exe | Binary or memory string: t MSG_260 "NTFS compression" t MSG_261 "Writing image: %s" t MSG_262 "ISO Support" t MSG_263 "Use PROPER size units" t MSG_264 "Deleting directory '%s'" t MSG_265 "VMWare disk detection" t MSG_266 "Dual UEFI/BIOS mode" t MSG_267 "Applying Windows image:
Source: Ruf345A.tmp.0.dr | Binary or memory string: n de discos VMWare"
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | Binary or memory string: VMware VMFS
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare disk alg
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare-disk oppdagelse"
Source: rufus-3.13.exe | Binary or memory string: w VMWare" t MSG_266 "Tryb dual UEFI/BIOS" t MSG_267 "Zastosowywanie obrazu Windows: %s" t MSG_268 "Zastosowywanie obrazu Windows..." t MSG_269 "Zachowaj znaczniki czasu" t MSG_270 "Debugowanie USB" t MSG_271 "Obliczanie sum kontrolnych obrazu: %s" t MSG
Source: Ruf345A.tmp.0.dr | Binary or memory string: VMWare"
Source: rufus-3.13.exe | Binary or memory string: t MSG_261 "Image schrijven: %s" t MSG_262 "ISO-ondersteuning" t MSG_263 "JUISTE grootte-eenheden gebruiken" t MSG_264 "Map '%s' verwijderen" t MSG_265 "VMWare-schijfdetectie" t MSG_266 "Dubbele UEFI/BIOS-modus" t MSG_267 "Windows-image toepassen: %s"
Source: Ruf345A.tmp.0.dr | Binary or memory string: VMWare
Source: rufus-3.13.exe | Binary or memory string: sche Ordner '%s'" t MSG_265 "VMware-Laufwerkserkennung" t MSG_266 "Dualer UEFI/BIOS-Modus" t MSG_267 "Windows-Abbild aufspielen: %s" t MSG_268 "Windows-Abbild aufspielen..." t MSG_269 "Zeitstempel bewahren" t MSG_270 "USB-Testmodus" t MSG_271 "Berechne
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Otkrivanje VMware diska"
Source: Ruf345A.tmp.0.dr | Binary or memory string: enje VMWare diska"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "VMWare disko aptikimas"
Source: Ruf345A.tmp.0.dr | Binary or memory string: t MSG_265 "Noteikts VMWare disks"
Source: rufus-3.13.exe | Binary or memory string: ttelse" t MSG_263 "MiB notation" t MSG_264 "Sletter mappen '%s'" t MSG_265 "VMWare disk detektering" t MSG_267 "Anvender Windows-image: %s" t MSG_268 "Anvender Windows-image..." t MSG_269 "Bevar tidsstempler" t MSG_271 "Beregner imagechecksumme: %s" t
Source: rufus-3.13.exe | Binary or memory string: vable device 'VMware Virtual disk SCSI Disk Device' => Eliminated
Source: rufus-3.13.exe, 00000000.00000002.617302589.0000000003480000.00000004.00000001.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}z
Source: rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | Binary or memory string: VMware VMFS Partition
Source: rufus-3.13.exe, 00000002.00000002.207887698.00000000010FB000.00000004.00000040.sdmp | Binary or memory string: VMWare disk detection(
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_0134F37D GetModuleHandleA,LoadLibraryA,GetProcAddress,GetLogicalDriveStringsA,isalpha,strlen,DeviceIoControl,CloseHandle,toupper,GetDriveTypeA,_snprintf,CreateFileA,CloseHandle,
Source: C:\Users\user\Desktop\rufus-3.13.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\rufus-3.13.exe | Code function: 0_2_013411B3 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,_amsg_exit,_initterm,_cexit,exit,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: 2_2_013411B3 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,_amsg_exit,_initterm,_cexit,exit,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: 0_2_0137AF56 GetCurrentProcess,OpenProcessToken,GetTokenInformation,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CloseHandle,
Source: rufus-3.13.exe, 00000000.00000002.615092711.0000000001D30000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: rufus-3.13.exe, 00000000.00000002.615092711.0000000001D30000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: rufus-3.13.exe, 00000000.00000002.615092711.0000000001D30000.00000002.00000001.sdmpBinary or memory string: Progman
Source: rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmpBinary or memory string: Program Managerm
Source: rufus-3.13.exe, 00000000.00000002.615092711.0000000001D30000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exe Code function: GetKeyboardLayoutNameA,sscanf,GetSystemDefaultLangID,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fprintf,fputs,fclose,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fputs,fprintf,fprintf,fprintf,fputs,fclose,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.13.exe  Code function: GetKeyboardLayoutNameA,sscanf,GetSystemDefaultLangID,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fprintf,fputs,fclose,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fputs,fprintf,fprintf,fprintf,fputs,fclose,
Source: C:\Users\user\Desktop\rufus-3.13.exe  Code function: 0_2_01349122 strstr,_strnicmp,strlen,strlen,strstr,strlen,strstr,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,strlen,strlen,strlen,strlen,??3@YAXPAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,
Source: C:\Users\user\Desktop\rufus-3.13.exe  Code function: 0_2_01363280 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,GetVersionExA,InternetCrackUrlA,_snprintf,InternetConnectA,??3@YAXPAX@Z,??3@YAXPAX@Z,_snprintf,strlen,HttpOpenRequestA,HttpSendRequestA,HttpQueryInfoA,InternetCloseHandle,HttpQueryInfoA,SystemTimeToFileTime,_snprintf,HttpQueryInfoA,calloc,InternetReadFile,_snprintf,??3@YAXPAX@Z,??3@YAXPAX@Z,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,Sleep,PostMessageW,RtlExitUserThread,_strtoi64,??3@YAXPAX@Z,_snprintf,GetSystemTime,SystemTimeToFileTime,
Source: C:\Users\user\Desktop\rufus-3.13.exe  Code function: 0_2_01379B0C GetVersionExA,GetVersionExA,GetVersionExA,VerSetConditionMask,VerifyVersionInfoA,VerSetConditionMask,VerifyVersionInfoA,GetSystemMetrics,_snprintf,_snprintf,_snprintf,_snprintf,strlen,_snprintf,_snprintf,
Source: C:\Users\user\Desktop\rufus-3.13.exe  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Modifies Group Policy settings
Source: C:\Users\user\Desktop\rufus-3.13.exe  File written: C:\Windows\System32\GroupPolicy\GPT.INI

Mitre Att&ck Matrix

Techniques are listed per tactic column; a number following a technique is the count badge shown on that cell in the original matrix.

Initial Access: Replication Through Removable Media 11; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Command and Scripting Interpreter 2; Native API 2; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
Persistence: LSASS Driver 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Privilege Escalation: Process Injection 2; LSASS Driver 1; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
Defense Evasion: Masquerading 111; Disable or Modify Tools 1; Process Injection 2; Deobfuscate/Decode Files or Information 1; Obfuscated Files or Information 21; Software Packing 11; Compile After Delivery; Indicator Removal from Tools
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: System Time Discovery 1; Query Registry 1; Security Software Discovery 1; Process Discovery 1; Peripheral Device Discovery 1; Remote System Discovery 1; File and Directory Discovery 3; System Information Discovery 24
Lateral Movement: Replication Through Removable Media 11; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
Collection: Archive Collected Data 11; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Encrypted Channel 22; Ingress Tool Transfer 1; Non-Application Layer Protocol 1; Application Layer Protocol 2; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Data Encrypted for Impact 1; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
Behavior Graph

Behavior Graph ID: 327315, Sample: rufus-3.13.exe, Startdate: 06/12/2020, Architecture: WINDOWS, Score: 39

Processes started from the start node: rufus-3.13.exe (node 4), rufus-3.13.exe (node 9), rufus-3.13.exe (node 11), rufus-3.13.exe (node 13)

Node 4 (rufus-3.13.exe):
  DNS/IP: github.com 140.82.121.3, 443, 49729 GITHUBUS United States
  DNS/IP: rufus.ie 185.199.111.153, 443, 49728 FASTLYUS Netherlands
  DNS/IP: 2 other IPs or domains
  Dropped: C:\Windows\System32\GroupPolicy\GPT.INI, ASCII
  Signatures: Changes autostart functionality of drives; Drops PE files with a suspicious file extension; Modifies Group Policy settings

Node 9 (rufus-3.13.exe):
  Dropped: C:\Users\user\Desktop\rufus.com, PE32

Source | Detection | Scanner | Label
rufus-3.13.exe | 0% | Virustotal |
rufus-3.13.exe | 0% | Metadefender |
rufus-3.13.exe | 0% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Users\user\Desktop\rufus.com | 2% | Metadefender |
C:\Users\user\Desktop\rufus.com | 0% | ReversingLabs |

No Antivirus matches

Source | Detection | Scanner | Label
rufus.ie | 1% | Virustotal |

Source | Detection | Scanner | Label
http://ocsp.comod | 0% | Avira URL Cloud | safe
http://ts-crl.ws.s | 0% | Avira URL Cloud | safe
https://kolibrios.org/ | 3% | Virustotal |
https://kolibrios.org/ | 0% | Avira URL Cloud | safe
https://rufus.ie). | 0% | Avira URL Cloud | safe
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING: | 0% | Avira URL Cloud | safe
https://rufus.ie/Fido.ver | 0% | Avira URL Cloud | safe
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm | 0% | Avira URL Cloud | safe
https://d.sy | 0% | Avira URL Cloud | safe
https://rufus.ie/Rufus_win_x64.ver | 0% | Avira URL Cloud | safe
https://rufus.ie/CheckForBetashttps://rufus.ieUsing | 0% | Avira URL Cloud | safe
https://rufus.ie/ | 0% | Avira URL Cloud | safe
https://rufus.ie | 0% | Avira URL Cloud | safe
http://halamix2.pl | 0% | Avira URL Cloud | safe
https://rufus.ie/files | 0% | Avira URL Cloud | safe
https://axialis.com/ | 0% | Avira URL Cloud | safe
https://syslinux.org/ | 0% | Avira URL Cloud | safe
https://rufus.ie/files%s/%s-%s/%sGrub2%s | 0% | Avira URL Cloud | safe
https://rufus.ie/Rufus_win_x64_10.ver | 0% | Avira URL Cloud | safe
https://rufus.ie321Failed | 0% | Avira URL Cloud | safe
https://www.7-zip.orgopen2.04rufus_filescore.imggrub%s-%s/%srbWill | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-1-w.amazonaws.com | 52.216.207.163 | true | false | | high
github.com | 140.82.121.3 | true | false | | high
rufus.ie | 185.199.111.153 | true | false | | unknown
github-production-release-asset-2e65be.s3.amazonaws.com | unknown | unknown | false | | high
        NameSourceMaliciousAntivirus DetectionReputation
        https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFSSecurerufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
          high
          https://tortoisesvn.net/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
            high
            http://ocsp.comodrufus-3.13.exe, 00000002.00000002.207914906.0000000001207000.00000004.00000020.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://ts-crl.ws.srufus-3.13.exe, 00000007.00000002.228502134.0000000000E87000.00000004.00000020.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.gnu.org/software/fdiskrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
              high
              https://www.gnu.org/software/grubrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                high
                https://svn.reactos.org/reactos/trunkrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                  high
                  https://www.busybox.net/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                    high
                    https://processhacker.sourceforge.io/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                      high
                      https://tortoisegit.org/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                        high
                        https://kolibrios.org/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                        • 3%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        https://winscp.net/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                          high
                          https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifsrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                            high
                            https://www.gnu.org/licenses/gpl-3.0.htmlFrufus-3.13.exefalse
                              high
                              https://rufus.ie).rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmpfalse
                              • Avira URL Cloud: safe
                              low
                              https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://sourceforge.net/projects/smartmontoolsrufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                high
                                https://github.com/weidai11/cryptopp/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                  high
                                  http://e2fsprogs.sourceforge.net/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                    high
                                    https://github.com/pbatard/rufus/issuesrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                      high
                                      https://www.gnupg.org/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                        high
                                        http://ms-sys.sourceforge.net/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                          high
                                          https://rufus.ie/Fido.verrufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://www.reactos.org/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                            high
                                            http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htmrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://d.syrufus-3.13.exe, 00000007.00000002.228502134.0000000000E87000.00000004.00000020.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://github.com/pbatard/uefi-ntfs.MZrufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmpfalse
                                              high
                                              https://rufus.ie/Rufus_win_x64.verrufus-3.13.exe, 00000000.00000003.265712986.0000000003490000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://www.7-zip.orgrufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                high
                                                https://github.com/pbatard/Fido/releases/download/v1.17/Fido.ps1.lzmarufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Fido[1].ver.0.drfalse
                                                  high
                                                  https://rufus.ie/CheckForBetashttps://rufus.ieUsingrufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://github.com/pbatard/rufus/wiki/FAQ#BSODs_with_Windows_To_Go_drives_created_from_Windows_10_18rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                    high
                                                    https://rufus.ie/rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://rufus.ierufus-3.13.exefalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://halamix2.plrufus-3.13.exe, 00000000.00000002.614010325.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp, Ruf345A.tmp.0.drfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://www.gnu.org/software/wgetrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                      high
                                                      https://rufus.ie/filesrufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://goo.gl/QTobxX.;rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                        high
                                                        https://axialis.com/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://www.freedos.org/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                          high
                                                          https://github.com/pbatard/bledrufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                            high
                                                            https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txtrufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                              high
                                                              https://syslinux.org/rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://rufus.ie/files%s/%s-%s/%sGrub2%srufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.codeguru.com/forum/showthread.php?p=1951973rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmpfalse
                                                                high
URL | Source | Malicious | Antivirus Detection | Reputation
https://rufus.ie/Rufus_win_x64_10.ver | rufus-3.13.exe, 00000000.00000003.265550931.0000000003490000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://rufus.ie321Failed | rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13.exe | rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr | false | | high
https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13_arm.exe | rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr | false | | high
https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFS | rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
https://github.com/pbatard/uefi-ntfs. | rufus-3.13.exe, 00000000.00000002.614316395.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208874891.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.216338162.00000000015DC000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228867862.00000000015DC000.00000040.00020000.sdmp | false | | high
https://github.com/pbatard/Fido | rufus-3.13.exe, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
https://github.com/chenall/grub4dos | rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
https://github.com/Chocobo1 | rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp, Ruf345A.tmp.0.dr | false | | high
http://fsf.org/ | rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13_arm64.exe | rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr | false | | high
https://www.7-zip.orgopen2.04rufus_filescore.imggrub%s-%s/%srbWill | rufus-3.13.exe, 00000000.00000002.613583047.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | Avira URL Cloud: safe | low
http://freedos.sourceforge.net/freecom | rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208117484.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.215298667.0000000001450000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228705093.0000000001450000.00000040.00020000.sdmp | false | | high
https://7-zip.org/ | rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1 | rufus-3.13.exe, 00000000.00000002.617413596.0000000003688000.00000004.00000001.sdmp, Fido[1].ver.0.dr | false | | high
https://goo.gl/QTobxX. | rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
https://www.gnu.org/software/libcdio | rufus-3.13.exe, rufus-3.13.exe, 00000002.00000002.208006547.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000005.00000002.214460255.0000000001341000.00000040.00020000.sdmp, rufus-3.13.exe, 00000007.00000002.228593783.0000000001341000.00000040.00020000.sdmp | false | | high
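Several rows in the URL table above carry text that is not part of any URL: "https://rufus.ie321Failed", "https://www.7-zip.orgopen2.04rufus_filescore.imggrub%s-%s/%srbWill", and the trailing dots on "https://goo.gl/QTobxX." and "https://github.com/pbatard/uefi-ntfs.". These are best read as neighbouring strings from process memory run together with the URL by the string scanner, not hosts the sample contacts; a row like that should be cut back to the URL the string actually held before it is copied into a blocklist or a hunting query. The Python below is an added example, not the report's or Rufus's own code. It scans a constructed memory fragment two ways: a NUL-stripping scan that reproduces the glued form (an assumed mechanism, used here only to illustrate how such rows arise) and a per-string scan that keeps each URL separate and drops sentence punctuation.

```python
"""
Pull URLs out of a raw process-memory dump the way a sandbox string scanner
does, and reproduce the concatenation artefact seen in rows such as
"https://rufus.ie321Failed" and "https://www.7-zip.orgopen2.04rufus_files...".

Added example: not part of the Joe Sandbox report and not Rufus code.
The memory blob is constructed here; the NUL-stripping scan in naive_urls()
is one plausible source of glued strings, assumed for illustration.
"""
import re
from typing import Iterator, List

# RFC 3986 URL characters; deliberately no whitespace or control bytes.
URL_RE = re.compile(rb"https?://[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")          # printable ASCII, >= 4 chars
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")  # UTF-16LE text in the ASCII range
TRAILING_PUNCT = b".,;:)]'\""                        # sentence punctuation glued to URLs

# Constructed .rdata-style fragment: NUL-terminated C strings laid out back to
# back, a URL quoted inside a sentence, and one wide-char (UTF-16LE) URL.
DUMP = (
    b"\x00\x00https://rufus.ie\x00321\x00Failed\x00\n"
    b"https://www.7-zip.org\x00open\x002.04\x00rufus_files\x00core.img\x00\n"
    b"See https://goo.gl/QTobxX.\x00\n"
    b"\x01\x02https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13.exe\x00\n"
    + "https://rufus.ie/Rufus_win_x64_10.ver".encode("utf-16-le") + b"\x00\x00"
)


def naive_urls(blob: bytes) -> List[str]:
    """Drop every NUL, then regex the flat buffer.

    Dropping NULs is a cheap way to make UTF-16LE text searchable, but it also
    erases the terminators between neighbouring C strings, so whatever follows
    a URL in memory is welded onto it.
    """
    flat = blob.replace(b"\x00", b"")
    return [m.group(0).decode("ascii") for m in URL_RE.finditer(flat)]


def _c_strings(blob: bytes) -> Iterator[bytes]:
    """Yield each printable string separately, ASCII and UTF-16LE, bounded by
    NUL or any other non-printable byte."""
    for m in ASCII_RUN.finditer(blob):
        yield m.group(0)
    for m in UTF16_RUN.finditer(blob):
        yield m.group(0).decode("utf-16-le").encode("ascii")


def extract_urls(blob: bytes) -> List[str]:
    """Scan string by string so adjacent data cannot leak into a URL, and
    strip sentence punctuation that the source text put after the URL."""
    urls: List[str] = []
    for s in _c_strings(blob):
        for m in URL_RE.finditer(s):
            url = m.group(0).rstrip(TRAILING_PUNCT).decode("ascii")
            if url not in urls:
                urls.append(url)
    return urls


if __name__ == "__main__":
    print("naive :", naive_urls(DUMP))
    print("split :", extract_urls(DUMP))
```

Running the script prints the glued rows from the naive pass ("https://rufus.ie321Failed", "https://www.7-zip.orgopen2.04rufus_filescore.img") next to the clean list from the per-string pass. The per-string pass still finds the UTF-16LE URL because wide strings are decoded as their own class of run rather than by deleting NULs.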
IP | Domain | Country | ASN | ASN Name | Malicious
52.216.207.163 | unknown | United States | 16509 | AMAZON-02 (US) | false
140.82.121.3 | unknown | United States | 36459 | GITHUB (US) | false
185.199.111.153 | unknown | Netherlands | 54113 | FASTLY (US) | false

All three contacted addresses sit on shared hosting and CDN ranges (Amazon S3, GitHub, and Fastly serving GitHub Pages). The "associated sample" matches listed further down are other submissions that reached the same infrastructure, not evidence that this sample shares code, operators, or intent with them.

General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 327315
Start date: 06.12.2020
Start time: 07:59:06
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 24s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: rufus-3.13.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Cmdline fuzzy
Number of new started processes analysed: 34
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus39.spre.evad.winEXE@4/14@3/3
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 14.8% (good quality ratio 1.6%)
• Quality average: 5.3%
• Quality standard deviation: 13.6%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.42.151.234, 51.11.168.160, 2.20.84.85, 51.11.168.232, 20.54.26.129, 2.20.142.210, 2.20.142.209, 51.104.144.132, 92.122.213.194, 92.122.213.247, 52.155.217.156
• Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, a767.dscg3.akamai.net, settingsfd-geo.trafficmanager.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

No simulations
Match | Associated Sample Name / URL | Detection | Context
140.82.121.3 | PO348578.jar | malicious |
140.82.121.3 | http://pma.climabitus.com/undercook.php | malicious |
140.82.121.3 | ShippingDoc.jar | malicious |
140.82.121.3 | YOeg64zDX4.exe | malicious |
140.82.121.3 | QgwtAnenic.exe | malicious |
140.82.121.3 | QjXbdjRLIP.exe | malicious |
140.82.121.3 | 02_extracted.jar | malicious |
140.82.121.3 | reservation.pdf.exe | malicious |
140.82.121.3 | http://data-and-the-world.onrender.com/ | malicious |
140.82.121.3 | http://www.w3.org/1999/xhtml | malicious |
140.82.121.3 | 04_extracted.jar | malicious |
185.199.111.153 | https://onedrive.live.com/redir?resid=BC7E39DB9FD83D96!2306&authkey=!ACcfJSfZpEuMlqU | malicious | www.jacklmoore.com/colorbox/example1/colorbox.css
185.199.111.153 | 46New Order.exe | malicious | www.rollersk8s.com/on/?1b=os6+U0KC5KBpEaV3W38aO3lLNLGoMR1ildoeuXpEhX6b/85Q2fEKZ2FbE5OM2XDrqg4c13EdHa9kFNY1&5jp=6lTpXdKxJpIt70Xp
185.199.111.153 | malware.js | malicious | www.hotelalbanareal.com/
Match | Associated Sample Name / URL | Detection | Context
rufus.ie | rufus-3.11.exe | malicious | 185.199.109.153
rufus.ie | rufus-3.4p.exe | malicious | 185.199.111.153
rufus.ie | rufus-portable-v3.10.exe | malicious | 185.199.111.153
rufus.ie | rufus-portable-v3.9.exe | malicious | 185.199.111.153
rufus.ie | rufus-3.9.exe | malicious | 185.199.108.153
rufus.ie | rufus-3.9.exe | malicious | 185.199.109.153
rufus.ie | https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exe | malicious | 185.199.108.153
rufus.ie | rufus-3.9.exe | malicious | 185.199.111.153
rufus.ie | rufus-3.3p.exe | malicious | 192.159.65.198
rufus.ie | http://rufus.akeo.ie/downloads/rufus-3.3.exe | malicious | 192.159.65.198
rufus.ie | rufus-3.5.exe | malicious | 185.199.108.153
rufus.ie | rufus-usb-3-3.exe | malicious | 185.199.111.153
rufus.ie | rufus-3.5.exe | malicious | 185.199.109.153
rufus.ie | rufus-3.5.exe | malicious | 185.199.108.153
github.com | http://mail.strantake.casa | malicious | 140.82.121.4
github.com | http://strantake.casa | malicious | 140.82.121.4
github.com | PO348578.jar | malicious | 140.82.121.3
github.com | http://pma.climabitus.com/undercook.php | malicious | 140.82.121.5
github.com | ShippingDoc.jar | malicious | 140.82.121.3
github.com | http://f.zgbmw.com.cn | malicious | 140.82.121.4
github.com | YOeg64zDX4.exe | malicious | 140.82.121.3
github.com | QgwtAnenic.exe | malicious | 140.82.121.3
github.com | http://www.w3.org/TR/REC-html40 | malicious | 140.82.121.4
github.com | mz1shN8TSG.exe | malicious | 140.82.121.10
github.com | mz1shN8TSG.exe | malicious | 140.82.121.9
github.com | TJ3Z43yN2m.exe | malicious | 140.82.121.10
github.com | Tu8O5QdOKb.exe | malicious | 140.82.121.9
github.com | jmTPBV8ekH.exe | malicious | 140.82.121.10
github.com | bwYWeDRnet.exe | malicious | 140.82.121.9
github.com | AGPIZs7r0k.exe | malicious | 140.82.121.9
github.com | FGzfp11Eji.exe | malicious | 140.82.121.10
s3-1-w.amazonaws.com | https://storage.googleapis.com/gotohealth/etchebiyano.html#3bknmlcj5.hyBxpYSI?s4c6dxe0mrsbtcjfkjjtlticaxogyy4en~3vucdhw9xa2dfwnqf9ls8m27mgvnwveya~p0k0uw8i9adtvzhkrli7nelnsxqanrtv5p~cbbbc4GZ92ccjJtkcwBjxcdcJrcmcxTvgdj7fcbbb3g | malicious | 52.216.230.195
s3-1-w.amazonaws.com | https://u903311.ct.sendgrid.net/ls/click?upn=E8QoZc3iKswNc0WfUye-2FZsi7fgoDB-2BD5XJ1dlFUIi0Dza7MWLS8Xg2Op8FzaSnLBZlj8AcCA8QcyDqcK8st17rRV6OIOfG8jOREoFKVkQ27Uglu1tw863qNWXZbMEM0CYf7fr-2FJZECvsLMsSbrX5l0CnWOY1hirnSbLslee9BKi5QZDf-2Foq6O45Gab-2Fo-2Bb1Xd2ahBIAPpxW1W-2FRuub9RICdEF8qv-2FmtH1O3mz7eOEMQ-3D00DK_8IuQLyusNfi1xYURkJwSZD1aOQwWkwoeDp9YyA0ORin6bBp7bRAR6BH4k6DRYbezS0ah1GVpoixPXCAsv8AaIzDnizvZN-2BsmwrciRZ0ANEjDHFLvWVIBy6zu-2BmKPg3axAexo9BFHBTrmIt8t5A17BqOieFqpxwsNrl-2BkJInF0O9Gblul1CuTpMy-2FBHceEfumQizkfO-2FZhPOMhvJ77DYIEb3S95-2Fp389dezrWmBsUH8Q-3D&d=DwMFaQ | malicious | 52.217.17.4
s3-1-w.amazonaws.com | https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fu903311.ct.sendgrid.net%2fls%2fclick%3fupn%3dE8QoZc3iKswNc0WfUye-2FZsi7fgoDB-2BD5XJ1dlFUIi0DQixi5R1DX-2BPi42DP5xD38okSKE-2BAkZ1KTe-2BfW-2Bt-2BTRaBMD4ycNdNwNAK5mgcO2K3IuLH-2BQ1FrWw7gZqWC-2F76j2s8t-2BJ-2Fe8fTHPmTcdMhezIZtSGkkTqV7K-2BPDY6oce0Rq-2B2nn1dH8o5Aa-2BdD6Lkh3CI6JRiUY5Xhyse6qPpMA-2BmnYp33sFuIkoEaTUq6X6-2Fc-3Dwh-C_fktbBws6gHSKQ6m8X06Xv77AOew7R30tooXrho2Q1bNYZzbT9AGkI99Fhw5io1CxtnGScqjZ6ogmINmktJ8TrEdcGxAKNh6sO31dPRwZlrk95fwUJ9-2FL-2B8yBrZUxvkvp5Ud4WqS5Wbv5KNhuf-2BG1NOi0BxtAIpLdNE9k8-2B64u7ZAx2Tei0IIdmCBB21ftN60ZbV8QOlUe4D8-2FsGRXFF5MaVVxn4s1qQ5sCCUZzfNTdk-3D&c=E,1,925dUpXm5tsVMcOfslTFN9RiCMi4kfcNFe9qbvSbsyD-rtXYrNLBiRENO22KZDcoukJ4OC9L6NXbIfs2uw1uZbCFRovyw7Pvs8m7ra2xOC4up0tsCwBw4fkX&typo=1 | malicious | 52.217.36.236
s3-1-w.amazonaws.com | 3ML0rBGt2E.exe | malicious | 52.217.17.84
s3-1-w.amazonaws.com | http://www.authorea.com/496817/s_HUCBQs4gOQpqvMdvqmFQ | malicious | 52.217.40.68
s3-1-w.amazonaws.com | https://0000000000.doodlekit.com/ | malicious | 52.216.85.107
s3-1-w.amazonaws.com | http://search.hdirectionsandmap.com | malicious | 52.216.226.48
s3-1-w.amazonaws.com | http://files.flipsnack.com/iframe/embed.html?hash=ft3abm83d&wmode=window&bgcolor=EEEEEE&t=1432248525 | malicious | 52.217.40.76
s3-1-w.amazonaws.com | PO348578.jar | malicious | 52.217.41.212
s3-1-w.amazonaws.com | http://pma.climabitus.com/undercook.php | malicious | 52.217.85.20
s3-1-w.amazonaws.com | http://searchlf.com | malicious | 52.217.106.204
s3-1-w.amazonaws.com | https://app.archbee.io/doc/wjFBJ1IQgNqcYtxyaUfi5/V9dqJTS3iO58EgXIT7wr1 | malicious | 52.216.10.91
s3-1-w.amazonaws.com | ShippingDoc.jar | malicious | 52.217.32.172
s3-1-w.amazonaws.com | YOeg64zDX4.exe | malicious | 52.216.142.148
s3-1-w.amazonaws.com | http://www.w3.org/TR/REC-html40 | malicious | 52.216.242.76
s3-1-w.amazonaws.com | https://office083i0997b9vo4lhg0efam0i5hxce2ud97af42maf.s3.amazonaws.com/index.htm?c=eee014ae02ae0e010ae2e1e08ae014aeeee010ae1e02ae00ae0e010ae07a.e01ae3.e4e07a | malicious | 52.217.48.148
s3-1-w.amazonaws.com | http://search.hquickemailaccess.biz/?ap=appfocus1&uc=20190420&i_id=email_spt__1.30&uid=df2f81d0-dd5b-4023-bcea-6b96f5c2d443&source=s-lp1-cp_1608807742-bb8-iei | malicious | 52.216.102.115
s3-1-w.amazonaws.com | 02_extracted.jar | malicious | 52.216.21.59
s3-1-w.amazonaws.com | http://login.onlinedocshare.com/d053e505ea?l=50 | malicious | 52.217.17.12
                                                                                                                  http://trello-attachments.s3.amazonaws.comGet hashmaliciousBrowse
                                                                                                                  • 52.217.38.60
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

Match: FASTLYUS
https://storage.googleapis.com/gotohealth/etchebiyano.html#3bknmlcj5.hyBxpYSI?s4c6dxe0mrsbtcjfkjjtlticaxogyy4en~3vucdhw9xa2dfwnqf9ls8m27mgvnwveya~p0k0uw8i9adtvzhkrli7nelnsxqanrtv5p~cbbbc4GZ92ccjJtkcwBjxcdcJrcmcxTvgdj7fcbbb3g  (Detection: malicious)
• 151.101.12.193
biden.dll  (Detection: malicious)
• 151.101.1.44
12-4.exe  (Detection: malicious)
• 151.101.1.195
http://test.kunmiskincare.com/index.php  (Detection: malicious)
• 151.101.2.133
http://test.kunmiskincare.com/index.php  (Detection: malicious)
• 151.101.2.133
https://4352.blob.core.windows.net/990009/redict.html?sp=r&st=2020-12-04T17:14:45Z&se=2020-12-06T01:14:45Z&spr=https&sv=2019-12-12&sr=b&sig=Rf041%2B%2FluEuvtCzWAsSWSN0m09ed%2BtLzjQOWqvo1bFc%3D  (Detection: malicious)
• 151.101.112.193
https://nursing-theory.org/nursing-theorists/Isabel-Hampton-Robb.php  (Detection: malicious)
• 151.101.1.44
https://4352.blob.core.windows.net/3824/redict.html?sp=r&st=2020-12-04T14:27:30Z&se=2020-12-06T22:27:30Z&spr=https&sv=2019-12-12&sr=b&sig=MWJCDQpp1ExKLHHw6yNf6B03XIDbE0ysxKxWnwOaDSM%3D  (Detection: malicious)
• 151.101.12.193
https://4352.blob.core.windows.net/3824/redict.html?sp=r&st=2020-12-04T14:27:30Z&se=2020-12-06T22:27:30Z&spr=https&sv=2019-12-12&sr=b&sig=MWJCDQpp1ExKLHHw6yNf6B03XIDbE0ysxKxWnwOaDSM%3D  (Detection: malicious)
• 151.101.12.193
RFQ - UNICEF CCEOP and Vaccine Project - Copy (6).html  (Detection: malicious)
• 151.101.112.193
https://maxhealth-adobe-auth.gq/?login=do  (Detection: malicious)
• 151.101.112.157
https://u903311.ct.sendgrid.net/ls/click?upn=E8QoZc3iKswNc0WfUye-2FZsi7fgoDB-2BD5XJ1dlFUIi0Dza7MWLS8Xg2Op8FzaSnLBZlj8AcCA8QcyDqcK8st17rRV6OIOfG8jOREoFKVkQ27Uglu1tw863qNWXZbMEM0CYf7fr-2FJZECvsLMsSbrX5l0CnWOY1hirnSbLslee9BKi5QZDf-2Foq6O45Gab-2Fo-2Bb1Xd2ahBIAPpxW1W-2FRuub9RICdEF8qv-2FmtH1O3mz7eOEMQ-3D00DK_8IuQLyusNfi1xYURkJwSZD1aOQwWkwoeDp9YyA0ORin6bBp7bRAR6BH4k6DRYbezS0ah1GVpoixPXCAsv8AaIzDnizvZN-2BsmwrciRZ0ANEjDHFLvWVIBy6zu-2BmKPg3axAexo9BFHBTrmIt8t5A17BqOieFqpxwsNrl-2BkJInF0O9Gblul1CuTpMy-2FBHceEfumQizkfO-2FZhPOMhvJ77DYIEb3S95-2Fp389dezrWmBsUH8Q-3D&d=DwMFaQ  (Detection: malicious)
• 151.101.65.195
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fu903311.ct.sendgrid.net%2fls%2fclick%3fupn%3dE8QoZc3iKswNc0WfUye-2FZsi7fgoDB-2BD5XJ1dlFUIi0DQixi5R1DX-2BPi42DP5xD38okSKE-2BAkZ1KTe-2BfW-2Bt-2BTRaBMD4ycNdNwNAK5mgcO2K3IuLH-2BQ1FrWw7gZqWC-2F76j2s8t-2BJ-2Fe8fTHPmTcdMhezIZtSGkkTqV7K-2BPDY6oce0Rq-2B2nn1dH8o5Aa-2BdD6Lkh3CI6JRiUY5Xhyse6qPpMA-2BmnYp33sFuIkoEaTUq6X6-2Fc-3Dwh-C_fktbBws6gHSKQ6m8X06Xv77AOew7R30tooXrho2Q1bNYZzbT9AGkI99Fhw5io1CxtnGScqjZ6ogmINmktJ8TrEdcGxAKNh6sO31dPRwZlrk95fwUJ9-2FL-2B8yBrZUxvkvp5Ud4WqS5Wbv5KNhuf-2BG1NOi0BxtAIpLdNE9k8-2B64u7ZAx2Tei0IIdmCBB21ftN60ZbV8QOlUe4D8-2FsGRXFF5MaVVxn4s1qQ5sCCUZzfNTdk-3D&c=E,1,925dUpXm5tsVMcOfslTFN9RiCMi4kfcNFe9qbvSbsyD-rtXYrNLBiRENO22KZDcoukJ4OC9L6NXbIfs2uw1uZbCFRovyw7Pvs8m7ra2xOC4up0tsCwBw4fkX&typo=1  (Detection: malicious)
• 151.101.65.195
https://sec-office-sharepoint.web.app/#test@test.com  (Detection: malicious)
• 151.101.1.195
https://alldomainverifications.web.app#paulo.horta@gnbga.pt  (Detection: malicious)
• 151.101.1.195
https://www.evernote.com/shard/s388/sh/9c47779f-4cca-4ce6-ac44-541ac5f1d3bc/b1c9d6f77076f60f846a4fee1797af69&d=DwMGaQ  (Detection: malicious)
• 151.101.2.109
fasm.dll  (Detection: malicious)
• 151.101.1.44
c8mCgwz9HX.dll  (Detection: malicious)
• 151.101.1.44
https://criswellauto-my.sharepoint.com/:b:/p/jtan/EU06P7jwOKFJoP-tIPrljMMBEG3gKDGg6TlM9-QtbrOOKg?e=N4aC2p  (Detection: malicious)
• 151.101.1.192
http://fx19827c.zizera.com/fx19827c/publisher/login?r=/fx19827c/lite/  (Detection: malicious)
• 185.199.108.153
Match: AMAZON-02US
https://storage.googleapis.com/gotohealth/etchebiyano.html#3bknmlcj5.hyBxpYSI?s4c6dxe0mrsbtcjfkjjtlticaxogyy4en~3vucdhw9xa2dfwnqf9ls8m27mgvnwveya~p0k0uw8i9adtvzhkrli7nelnsxqanrtv5p~cbbbc4GZ92ccjJtkcwBjxcdcJrcmcxTvgdj7fcbbb3g  (Detection: malicious)
• 143.204.90.51
OncoImmune.xlsx  (Detection: malicious)
• 52.216.10.133
http://test.kunmiskincare.com/index.php  (Detection: malicious)
• 65.9.68.68
ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx  (Detection: malicious)
• 65.9.68.116
http://test.kunmiskincare.com/index.php  (Detection: malicious)
• 15.237.76.117
ACH WIRE PAYMENT REMITTANCE ._ (002).xlsx  (Detection: malicious)
• 13.224.93.45
https://nursing-theory.org/nursing-theorists/Isabel-Hampton-Robb.php  (Detection: malicious)
• 3.126.56.137
https://vectecinc.com/aud/gyaltq2p80356chrwju1o4kdnzi7bfsxm9verektci7xygv12aw6p980bmjzq3nuf5dh4losobcj6twfavgsq12eku0r83pz59mh4xy7ndli?data=Y2FybG9zLmZyb250ZXJhQGJtcy5jb20=  (Detection: malicious)
• 13.224.93.68
SHIPPING.EXE  (Detection: malicious)
• 3.138.82.195
SKY POUNDS.exe  (Detection: malicious)
• 52.58.78.16
https://www.samsungsds.com/us/en/solutions/bns/high-performance-computing/hpc-managed-services.html  (Detection: malicious)
• 52.49.193.31
https://maxhealth-conm.cf/?login=do  (Detection: malicious)
• 18.202.70.164
28YPAd8yWe.exe  (Detection: malicious)
• 3.138.82.195
2VTQ0DkeC4.exe  (Detection: malicious)
• 13.248.196.204
ISLONlRQUM.exe  (Detection: malicious)
• 13.234.252.244
DT8ihCmXiT.rtf  (Detection: malicious)
• 3.1.221.201
https://mitrend.com/app/docs/4f20dec69fefd61fbae804e908596b7d  (Detection: malicious)
• 13.224.93.71
https://maxhealth-adobe-auth.gq/?login=do  (Detection: malicious)
• 15.237.76.117
https://u903311.ct.sendgrid.net/ls/click?upn=E8QoZc3iKswNc0WfUye-2FZsi7fgoDB-2BD5XJ1dlFUIi0Dza7MWLS8Xg2Op8FzaSnLBZlj8AcCA8QcyDqcK8st17rRV6OIOfG8jOREoFKVkQ27Uglu1tw863qNWXZbMEM0CYf7fr-2FJZECvsLMsSbrX5l0CnWOY1hirnSbLslee9BKi5QZDf-2Foq6O45Gab-2Fo-2Bb1Xd2ahBIAPpxW1W-2FRuub9RICdEF8qv-2FmtH1O3mz7eOEMQ-3D00DK_8IuQLyusNfi1xYURkJwSZD1aOQwWkwoeDp9YyA0ORin6bBp7bRAR6BH4k6DRYbezS0ah1GVpoixPXCAsv8AaIzDnizvZN-2BsmwrciRZ0ANEjDHFLvWVIBy6zu-2BmKPg3axAexo9BFHBTrmIt8t5A17BqOieFqpxwsNrl-2BkJInF0O9Gblul1CuTpMy-2FBHceEfumQizkfO-2FZhPOMhvJ77DYIEb3S95-2Fp389dezrWmBsUH8Q-3D&d=DwMFaQ  (Detection: malicious)
• 52.217.17.4
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fu903311.ct.sendgrid.net%2fls%2fclick%3fupn%3dE8QoZc3iKswNc0WfUye-2FZsi7fgoDB-2BD5XJ1dlFUIi0DQixi5R1DX-2BPi42DP5xD38okSKE-2BAkZ1KTe-2BfW-2Bt-2BTRaBMD4ycNdNwNAK5mgcO2K3IuLH-2BQ1FrWw7gZqWC-2F76j2s8t-2BJ-2Fe8fTHPmTcdMhezIZtSGkkTqV7K-2BPDY6oce0Rq-2B2nn1dH8o5Aa-2BdD6Lkh3CI6JRiUY5Xhyse6qPpMA-2BmnYp33sFuIkoEaTUq6X6-2Fc-3Dwh-C_fktbBws6gHSKQ6m8X06Xv77AOew7R30tooXrho2Q1bNYZzbT9AGkI99Fhw5io1CxtnGScqjZ6ogmINmktJ8TrEdcGxAKNh6sO31dPRwZlrk95fwUJ9-2FL-2B8yBrZUxvkvp5Ud4WqS5Wbv5KNhuf-2BG1NOi0BxtAIpLdNE9k8-2B64u7ZAx2Tei0IIdmCBB21ftN60ZbV8QOlUe4D8-2FsGRXFF5MaVVxn4s1qQ5sCCUZzfNTdk-3D&c=E,1,925dUpXm5tsVMcOfslTFN9RiCMi4kfcNFe9qbvSbsyD-rtXYrNLBiRENO22KZDcoukJ4OC9L6NXbIfs2uw1uZbCFRovyw7Pvs8m7ra2xOC4up0tsCwBw4fkX&typo=1  (Detection: malicious)
• 65.9.68.102
Match: GITHUBUS
PO348578.jar  (Detection: malicious)
• 140.82.121.3
http://pma.climabitus.com/undercook.php  (Detection: malicious)
• 140.82.121.5
ShippingDoc.jar  (Detection: malicious)
• 140.82.121.3
YOeg64zDX4.exe  (Detection: malicious)
• 140.82.121.3
QgwtAnenic.exe  (Detection: malicious)
• 140.82.121.3
http://www.w3.org/TR/REC-html40  (Detection: malicious)
• 140.82.121.4
mz1shN8TSG.exe  (Detection: malicious)
• 140.82.121.10
mz1shN8TSG.exe  (Detection: malicious)
• 140.82.121.9
TJ3Z43yN2m.exe  (Detection: malicious)
• 140.82.121.10
Tu8O5QdOKb.exe  (Detection: malicious)
• 140.82.121.9
jmTPBV8ekH.exe  (Detection: malicious)
• 140.82.121.10
bwYWeDRnet.exe  (Detection: malicious)
• 140.82.121.9
AGPIZs7r0k.exe  (Detection: malicious)
• 140.82.121.9
FGzfp11Eji.exe  (Detection: malicious)
• 140.82.121.10
Q4OfyKlLsy.exe  (Detection: malicious)
• 140.82.121.10
KKerT1Jel3.exe  (Detection: malicious)
• 140.82.121.10
2h6NUBy4ls.exe  (Detection: malicious)
• 140.82.121.9
OfhFuyl6N0.exe  (Detection: malicious)
• 140.82.121.10
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

Match: 6271f898ce5be7dd52b0fc260d0662b3
rufus-3.11.exe  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
filecoach[1].exe  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
Invoice_no.-9fwd7-xy0c5zge.pdf  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
Invoice_no.-9fwd7-xy0c5zge.pdf  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
Incoming_Fax-Kknsy vkomlus2.pdf  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
New Fax 8elrb bq7txtl4.pdf  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
https://val.filesconverterpro.com/js/FilesConverterProApp.exe  (Detection: malicious)
• 52.216.207.163
• 140.82.121.3
• 185.199.111.153
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

Match: C:\Users\user\Desktop\rufus.com
rufus-3.11.exe  (Detection: malicious)
rufus-3.4p.exe  (Detection: malicious)
rufus-portable-v3.10.exe  (Detection: malicious)
rufus-portable-v3.9.exe  (Detection: malicious)
rufus-3.9.exe  (Detection: malicious)
rufus-3.9.exe  (Detection: malicious)
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exe  (Detection: malicious)
rufus-3.9.exe  (Detection: malicious)
rufus-3.5.exe  (Detection: malicious)
rufus-usb-3-3.exe  (Detection: malicious)
rufus-3.5.exe  (Detection: malicious)
rufus-3.5.exe  (Detection: malicious)
Rufus 2.10.exe  (Detection: malicious)
                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Fido[1].ver
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:ASCII text
Category:dropped
Size (bytes):145
Entropy (8bit):4.553719870222819
Encrypted:false
SSDEEP:3:zNeFEdlHgHMkCmLKw8Ln5Lv0FEdlHgHMkCmNKw8pn:U2ssssn5LM2sssA
MD5:97DC49E41DBA0A8B6BA81CCDB6733BCB
SHA1:722A77E60DFB5008E799C87A861473AAE15511E7
SHA-256:4DACF00AAE3BF5AEF99F28293DE58B854FA8CC75875B867130F331D64F530F41
SHA-512:8F05F6D728D8DBD909EE102B9137B18C4F318B2C6889DBA8DA73C133877C41A5A825472FC3E779E9D631806D58B0144908CFC425A9A5C0ACE817CCDDBCE981CC
Malicious:false
Reputation:low
Preview: z1 = https://github.com/pbatard/Fido/releases/download/v1.17/Fido.ps1.lzma.v1 = https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Rufus_win.ver[1].sig
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:data
Category:modified
Size (bytes):256
Entropy (8bit):7.111475476484885
Encrypted:false
SSDEEP:6:hyswpkUvsQ4tMQTa9ZQt1CUUkOYQ7/1HAsSaJ/GVQu+:uL4tMQTaaErZJ/OQu+
MD5:3461E3303ECF698217B6246A75E0EBF7
SHA1:C7F3019D2A8A5FFF4B54AE39D9D34857FDD6DE14
SHA-256:5AFC8B735FF106799A66864FBBF522862527F3BA5A54DD8F57A44967101C5DC1
SHA-512:0AF68FD83D394FF6213B0D9782ACED764FE6006CD22DADEF1B8C313B71D144AF6048CD4DA641328D31C8EB0B4B00D35C4C9CBEB9CC3D7C04448D2D8BBB97382E
Malicious:false
Reputation:low
Preview: riS.........e.ls|..|/<.hd...UUV...'fs.UQ%V..h.l..b.aP.,.....,.|BM..|.l$....[.L<t.TG.t..[..........N..X....V..L...68.h.9.|...!.....T.C. E....${Q.'r....L.j4.=...K.~...e..M.y.Y.{P..Qw.;-...~.Y....}!...>.3..5M.!f...pF.. .r!z.\....&0..x#.=|.4.{..u.....6.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Rufus_win[1].ver
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:ASCII text
Category:dropped
Size (bytes):1564
Entropy (8bit):5.148244980512279
Encrypted:false
SSDEEP:48:HUCBnzIvTjnyDH0EfYVHpQxeo//cml3Bno:H1nsTC/Em/no
MD5:BE7200DFCC646AA345BE7ADB5CBA19B8
SHA1:13429D2B92B9CEAE289D12166A7F1DE2D16EEB79
SHA-256:3930C9FDE8AB12B83A8EB31A2B7CE9355B98185FE64BC86ED3DE141C639202E8
SHA-512:4FCE929E3C7C8A417D19FBB6EFE5B8D0C81CF3542CB8E2950DA4A70F80EED3DA6DD8A0396B5C7679187CB7803DEF8153673912259CAB15C446EF8EEDFFDDE2E7
Malicious:false
Reputation:low
Preview: version = 3.13.1730.platform_min = 6.1.download_url = https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13.exe.download_url_arm = https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13_arm.exe.download_url_arm64 = https://github.com/pbatard/rufus/releases/download/v3.13/rufus-3.13_arm64.exe.release_notes = {\rtf1\fbidis\ansi\ansicpg1252\deff0\deflang1024{\fonttbl{\f0\fnil\fcharset0 Courier New;}{\f1\fnil\fcharset0 Arial Unicode MS;}{\f2\fnil\fcharset2 Symbol;}}..\pard\ltrpar\sl276\slmult1\b\f0\fs22\lang9\tab Rufus 3.13 (2020.11.20)\b0\par\par..\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent0{\pntxtb\'B7}}\ltrpar\fi-360\li720\sl276\slmult1\fs16 Add a cheat mode (Alt-M) to accept disk images without a Boot Marker\par.{\pntext\f2\'B7\tab}Add marquee operation progress to the taskbar icon\par.{\pntext\f2\'B7\tab}Add zeroing/image writing progress to the log\par.{\pntext\f2\'B7\tab}Switch to using 0x55 and 0xAA instead of 0x00 and 0xFF for low pass badbloc
C:\Users\user\AppData\Local\Temp\Ruf345A.tmp
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1021440
Entropy (8bit):6.382112084589605
Encrypted:false
SSDEEP:12288:ypbTpt2tqLil6Ja//NzqptVv0SwPk/poOF3oMCSEFs3LNDuOIApsDsiHgzhLco6s:yjQl6JmO90SWUF4MCSEFs3LNDuMoCsk
MD5:C262E01725E545CE7CBC44AF500E5A49
SHA1:863D5FF9B27CF0AFA84EB1BD00A1D26770B5DB13
SHA-256:846E6608D48FC86FF22DE70FA5C8C44A0DC12F0826810219713608EAE509E6ED
SHA-512:185913355A8D4166D40B559B66C9BFB44B4D3744850D2AD65981A8F62F606358D9AC9EEAF059BE5ED72FED30B1FA87BB086080BE218E253268A183E2726B7FCD
Malicious:false
Reputation:low
Preview: # . v3.5 "ko-KR" "Korean (...)"..l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.5..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..t
C:\Users\user\AppData\Local\Temp\Ruf367D.tmp
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1021440
Entropy (8bit):6.382112084589605
Encrypted:false
SSDEEP:12288:ypbTpt2tqLil6Ja//NzqptVv0SwPk/poOF3oMCSEFs3LNDuOIApsDsiHgzhLco6s:yjQl6JmO90SWUF4MCSEFs3LNDuMoCsk
MD5:C262E01725E545CE7CBC44AF500E5A49
SHA1:863D5FF9B27CF0AFA84EB1BD00A1D26770B5DB13
SHA-256:846E6608D48FC86FF22DE70FA5C8C44A0DC12F0826810219713608EAE509E6ED
SHA-512:185913355A8D4166D40B559B66C9BFB44B4D3744850D2AD65981A8F62F606358D9AC9EEAF059BE5ED72FED30B1FA87BB086080BE218E253268A183E2726B7FCD
Malicious:false
Reputation:low
Preview: # . v3.5 "ko-KR" "Korean (...)"..l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.5..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..t
C:\Users\user\AppData\Local\Temp\Ruf4206.tmp
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1021440
Entropy (8bit):6.382112084589605
Encrypted:false
SSDEEP:12288:ypbTpt2tqLil6Ja//NzqptVv0SwPk/poOF3oMCSEFs3LNDuOIApsDsiHgzhLco6s:yjQl6JmO90SWUF4MCSEFs3LNDuMoCsk
MD5:C262E01725E545CE7CBC44AF500E5A49
SHA1:863D5FF9B27CF0AFA84EB1BD00A1D26770B5DB13
SHA-256:846E6608D48FC86FF22DE70FA5C8C44A0DC12F0826810219713608EAE509E6ED
SHA-512:185913355A8D4166D40B559B66C9BFB44B4D3744850D2AD65981A8F62F606358D9AC9EEAF059BE5ED72FED30B1FA87BB086080BE218E253268A183E2726B7FCD
Malicious:false
Reputation:low
Preview: # . v3.5 "ko-KR" "Korean (...)"..l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.5..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..t
C:\Users\user\AppData\Local\Temp\Ruf4DCE.tmp
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1021440
Entropy (8bit):6.382112084589605
Encrypted:false
SSDEEP:12288:ypbTpt2tqLil6Ja//NzqptVv0SwPk/poOF3oMCSEFs3LNDuOIApsDsiHgzhLco6s:yjQl6JmO90SWUF4MCSEFs3LNDuMoCsk
MD5:C262E01725E545CE7CBC44AF500E5A49
SHA1:863D5FF9B27CF0AFA84EB1BD00A1D26770B5DB13
SHA-256:846E6608D48FC86FF22DE70FA5C8C44A0DC12F0826810219713608EAE509E6ED
SHA-512:185913355A8D4166D40B559B66C9BFB44B4D3744850D2AD65981A8F62F606358D9AC9EEAF059BE5ED72FED30B1FA87BB086080BE218E253268A183E2726B7FCD
Malicious:false
Reputation:low
Preview: # . v3.5 "ko-KR" "Korean (...)"..l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.5..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..t
C:\Users\user\Desktop\rufus.com
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2048
Entropy (8bit):2.0422279901230667
Encrypted:false
SSDEEP:12:eFGSG1JCKJy2BstteOlJmU7SGZr4VzBpAOLBv:eFGSsi2aeOlIU7SGR4lBpAWBv
MD5:D7E5D3A09EBFA04C5E2EB9BF6EC9947B
SHA1:3D9EBBDDA068D39033AAE44001EFD8909919458C
SHA-256:5F819F6EAE4B5845C082EDF14CB389AB9805BC3C17440F3B5398D4FDD0079FFE
SHA-512:3D9B13233F1E1A08BEA071524B0B8430240224654A049284E97BB0BCA80C7BC0DAB92EA47D846000E9377CE0D599D64AD600749DF4BB59C925BE177F53FCF3A7
Malicious:true
Antivirus:
• Antivirus: Metadefender, Detection: 2%
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: rufus-3.11.exe, Detection: malicious
• Filename: rufus-3.4p.exe, Detection: malicious
• Filename: rufus-portable-v3.10.exe, Detection: malicious
• Filename: rufus-portable-v3.9.exe, Detection: malicious
• Filename: rufus-3.9.exe, Detection: malicious
• Filename: rufus-3.9.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: rufus-3.9.exe, Detection: malicious
• Filename: rufus-3.5.exe, Detection: malicious
• Filename: rufus-usb-3-3.exe, Detection: malicious
• Filename: rufus-3.5.exe, Detection: malicious
• Filename: rufus-3.5.exe, Detection: malicious
• Filename: Rufus 2.10.exe, Detection: malicious
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K.z.K.z.K.z...'.H.z.K.{.N.z.K.z.J.z.B..J.z.RichK.z.................PE..L.....S..................................... ....@..........................0............................................... ..(.................................................................................... ...............................text............................... ..`.rdata....... ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29
Entropy (8bit):3.9228287372391675
Encrypted:false
SSDEEP:3:1EvdG3y:1AH
MD5:39DFFC602ED934569F26BE44EC645814
SHA1:40D9C2E74B8999AB8404D746E9DD219A58979813
SHA-256:B57A88E5B1ACF3A784BE88B87FA3EE1F0991CB7C1C66DA423F3595FFC6E0C5C2
SHA-512:02FB06F972BD37578B7788A8E8F26FE06C629FFB33A7590ACBD43F180CE2C3C4BA4D05E9047EB0978A3617E77A2EFC97CDBCDCBBFF81172B9D9F6BBED780B1AD
Malicious:false
Preview: [General]..AccessCheck=test..
C:\Windows\System32\GroupPolicy\GPT.INI
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):127
Entropy (8bit):5.090003435843543
Encrypted:false
SSDEEP:3:1ELGUAgKLMzY+eWgTckbnnkBfERvI3eovzFLsUov:1WsMzYHxbnKv3eoIv
MD5:F9A49A3E2415016FA85DDFF0B8B38419
SHA1:F8C987119269E58D22A6B17AE2E8ECA7744FB385
SHA-256:14694DBEE3897B6BD5AA596EBFD893E727179B67811920C174DC70E6EEE8E579
SHA-512:91EA129A51D2C3B342287C1250F5B0DA6BA2A61EFF11791D1CFAE1F5C6DD2654C935BE1452F4A681E794FD723A3C295E9BC9E59B9005AA4D8BD55ED36C9AD91C
                                                                                                                                            Malicious:true
                                                                                                                                            Preview: [General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{3D271CFC-2BC6-4AC2-B633-3BDFF5BDAB2A}]..Version=1..
                                                                                                                                            C:\Windows\System32\GroupPolicy\Machine\Registry.pol
                                                                                                                                            Process:C:\Users\user\Desktop\rufus-3.13.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):190
                                                                                                                                            Entropy (8bit):3.2791226694111044
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:CFlE3A5loWcNylRjlyWdl+Sli5lm+1XMRpvLZOal7EQlXYlWj0zG+EX8e7lll6zf:CFlEEoWcHWn+SkirHNblPl4Wj0S+fehW
                                                                                                                                            MD5:3679852D86D944EB0A0C1A29DC85E623
                                                                                                                                            SHA1:C8D898775714206A49355D1D7538E42F7235E2D9
                                                                                                                                            SHA-256:0372CB9877228AC59386A962D2E49B51F671E546A7BA112D43D6B2B15165AA7F
                                                                                                                                            SHA-512:6DA335F7F330DD75FED52BAB9A67442BF37AF876026B4C218F00F0264F068CBC865144546F3CFDFCE675DFDB3F2DABEBF55F6468A958AAF12E0396F22004EBD2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview: PReg....[.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.P.o.l.i.c.i.e.s.\.E.x.p.l.o.r.e.r...;.N.o.D.r.i.v.e.T.y.p.e.A.u.t.o.r.u.n...;.....;.....;.....].
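The Registry.pol preview above is a Group Policy PReg file: a "PReg" signature, a version DWORD, then one or more [key;value;type;size;data] records with the brackets, semicolons and strings in UTF-16LE. The accompanying GPT.INI registers {35378EAC-683F-11D2-A89A-00C04FBBCFA2}, the Registry (Administrative Templates) client-side extension, so the policy is applied at the next policy refresh. The parser below is an added example, not code from the report or from the Rufus project: it decodes such a file and reports what the NoDriveTypeAutorun bitmask disables. The sample file is constructed here with the same key and value name as the dropped file; its DWORD payload (0xFF) is an assumed placeholder, because the report preview does not show the data bytes. With a 4-byte REG_DWORD payload a single record comes to exactly 190 bytes, the size the report lists for the dropped file.

```python
"""Decode a Group Policy Registry.pol (PReg) file and explain its NoDriveTypeAutorun policy.
Added example; not code from the Joe Sandbox report or from Rufus."""
import struct

PREG_SIGNATURE = b"PReg"
PREG_VERSION = 1
REG_DWORD = 4
EXPLORER_POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# NoDriveTypeAutorun is a bitmask: bit n set disables AutoRun for drives whose
# GetDriveType() result is n (DRIVE_REMOVABLE = 2 -> 0x04, DRIVE_CDROM = 5 -> 0x20, ...).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "unlisted drive types",
}


def _w(text):
    """UTF-16LE without BOM, the encoding PReg uses for keys, values and delimiters."""
    return text.encode("utf-16-le")


def build_preg(entries):
    """Serialise [(key, value_name, reg_type, data_bytes), ...] as a PReg file."""
    out = bytearray(PREG_SIGNATURE + struct.pack("<I", PREG_VERSION))
    for key, value, reg_type, data in entries:
        out += _w("[") + _w(key) + b"\0\0" + _w(";")
        out += _w(value) + b"\0\0" + _w(";")
        out += struct.pack("<I", reg_type) + _w(";")
        out += struct.pack("<I", len(data)) + _w(";")
        out += data + _w("]")
    return bytes(out)


def _read_wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after the terminator)."""
    units = []
    while True:
        unit = buf[pos:pos + 2]
        if len(unit) < 2:
            raise ValueError("truncated string at offset %d" % pos)
        pos += 2
        if unit == b"\0\0":
            return b"".join(units).decode("utf-16-le"), pos
        units.append(unit)


def _expect(buf, pos, ch):
    if buf[pos:pos + 2] != _w(ch):
        raise ValueError("expected %r at offset %d" % (ch, pos))
    return pos + 2


def parse_preg(buf):
    """Parse a PReg file into a list of {key, value, type, data} dicts."""
    if buf[:4] != PREG_SIGNATURE:
        raise ValueError("not a PReg file")
    version = struct.unpack_from("<I", buf, 4)[0]
    if version != PREG_VERSION:
        raise ValueError("unsupported PReg version %d" % version)
    pos, entries = 8, []
    while pos < len(buf):
        pos = _expect(buf, pos, "[")
        key, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, ";")
        value, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, ";")
        reg_type = struct.unpack_from("<I", buf, pos)[0]
        pos = _expect(buf, pos + 4, ";")
        size = struct.unpack_from("<I", buf, pos)[0]
        pos = _expect(buf, pos + 4, ";")
        data = buf[pos:pos + size]
        if len(data) != size:
            raise ValueError("truncated data at offset %d" % pos)
        pos = _expect(buf, pos + size, "]")
        entries.append({"key": key, "value": value, "type": reg_type, "data": data})
    return entries


def autorun_policy(entries):
    """Return (mask, drive types with AutoRun disabled) or None if the policy is absent."""
    for e in entries:
        if (e["key"].lower() == EXPLORER_POLICY_KEY.lower()
                and e["value"].lower() == "nodrivetypeautorun"
                and e["type"] == REG_DWORD and len(e["data"]) == 4):
            mask = struct.unpack("<I", e["data"])[0]
            return mask, [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]
    return None


# Constructed sample mirroring the dropped Registry.pol: same key and value name.
# The DWORD payload 0xFF is an ASSUMED placeholder; the report does not show the real bytes.
SAMPLE_REGISTRY_POL = build_preg([
    (EXPLORER_POLICY_KEY, "NoDriveTypeAutorun", REG_DWORD, struct.pack("<I", 0xFF)),
])

if __name__ == "__main__":
    print(len(SAMPLE_REGISTRY_POL), "bytes")  # 190, the dropped file's size
    print(autorun_policy(parse_preg(SAMPLE_REGISTRY_POL)))
```

On a live system the same parser can be pointed at C:\Windows\System32\GroupPolicy\Machine\Registry.pol to see what the local policy store now contains; the data field is size-prefixed, so REG_SZ and REG_BINARY payloads parse without special handling.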

\Device\ConDrv
Process:C:\Users\user\Desktop\rufus-3.13.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):35
Entropy (8bit):4.183014003266002
Encrypted:false
SSDEEP:3:jM1SCiHCyn:jMeiy
MD5:220E16875D297CA26F526F0FC2249983
SHA1:98F180071019FA0B79001A52104F0CBB12E7ED30
SHA-256:74AD2419BF0A066DB9C031C34F901C3A3BD2D8E5EE970D183CBB97316F81DD93
SHA-512:16AD781173A02661D32BC4B91C1973C2B71D0E529871EE56CADB8AF998D5AEED31FF15749879AB62DE5904CB0010F4534D3B46A0A6CFC8CDDB4FDAEF6B5780C6
Malicious:false
Preview: Could not find ISO image 'nstall'..

Static File Info

General

File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Entropy (8bit):7.9607766990037305
TrID:
• Win32 Executable (generic) a (10002005/4) 99.66%
• UPX compressed Win32 Executable (30571/9) 0.30%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:rufus-3.13.exe
File size:1156152
MD5:c844fa688f3aafa80790ecd6a204bbb7
SHA1:da498e3e80186ee16620f56a601e19fbdc1f8551
SHA256:ec3136b053bd1559ad7ec1ea104113898093b886bf519e6117b138ef2e691cbb
SHA512:442ab6f55fe3b9b648290d4f4ff6ac6bd3d3fe906936bbb26f7a9b31b52ff02aab6601cf342d3e11f705260585708aff80b45cf40633daf69d41d691d399a4df
SSDEEP:24576:PakG2227tNDajxxTL6vpBedHlDW5nROQ7X1yBhpzAn:CtRwajxFL6vpwdHlcg01yB/z
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......................#..........!..t2...!...2...@..........................@3...........@... ............................

File Icon

Icon Hash:c8a2f0f074bc5e06

General

Entrypoint:0x7274b0
Entrypoint Section:UPX1
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:0x728092
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:7326001be3ced77b153640be93a8dff6
Signature Valid:true
Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:The operation completed successfully
Error Number:0
Not Before:3/15/2018 5:00:00 PM
Not After:3/16/2022 4:59:59 PM
Subject Chain:
• CN=Akeo Consulting, O=Akeo Consulting, STREET=24 Grey Rock, L=Milford, S=Co. Donegal, PostalCode=F92 D667, C=IE
Version:3
Thumbprint MD5:F9C8FB79581036F731B006B6D27C675B
Thumbprint SHA-1:9CE9A71CCAB3B38A74781B975F1C228222CF7D3B
Thumbprint SHA-256:CBD2B4DD0DB817BDEBF29B54503423F71F4603D2D7309E757DC17C4660E37451
Serial:24692663EF6C0C0A3B23CFA310C3649B
Instruction
pushad
mov esi, 0061A015h
lea edi, dword ptr [esi-00219015h]
push edi
mov ebp, esp
lea ebx, dword ptr [esp-00003E80h]
xor eax, eax
push eax
cmp esp, ebx
jne 00007F2BE8B5E38Dh
inc esi
inc esi
push ebx
push 00325B8Ah
push edi
add ebx, 04h
push ebx
push 0010D48Eh
push esi
add ebx, 04h
push ebx
push eax
mov dword ptr [ebx], 00020003h
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, dword ptr [esp+00000090h]
mov dword ptr [esp+74h], 00000000h
mov byte ptr [esp+73h], 00000000h
mov ebp, dword ptr [esp+0000009Ch]
lea eax, dword ptr [edx+04h]
mov dword ptr [esp+78h], eax
mov eax, 00000001h
movzx ecx, byte ptr [edx+02h]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov dword ptr [esp+6Ch], ecx
movzx ecx, byte ptr [edx+01h]
shl eax, cl
dec eax
mov dword ptr [esp+68h], eax
mov eax, dword ptr [esp+000000A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h
mov dword ptr [esp+54h], 00000001h
mov dword ptr [esp+50h], 00000001h
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x333038         0x304         .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x329000         0xa038        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x118800         0x1c38        UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x33333c         0x20          .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x3280b4         0x18          UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Note on the SECURITY row: IMAGE_DIRECTORY_ENTRY_SECURITY holds a raw file offset, not an RVA, so the "UPX0" attribution is an artifact of mapping that offset as a virtual address. 0x118800 + 0x1c38 = 0x11a438 = 1156152, the file size: the Authenticode certificate table is appended after the packed sections and runs to end of file. Authenticode hashes the file with that table excluded, so the valid signature reported above covers the UPX-packed image exactly as shipped.

Name   Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
UPX0   0x1000           0x219000      0x0       unknown   unknown          unknown    unknown        IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
UPX1   0x21a000         0x10f000      0x10e200  False     0.999062753066   data       7.99972167039  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc  0x329000         0xb000        0xa400    False     0.297422827744   data       3.93708489995  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
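The section table above is what the "UPX compressed" verdict rests on: an executable UPX0 with no file data (the unpack target), a UPX1 at entropy 7.9997 that is both writable and executable and holds the entrypoint (0x7274b0 minus the 0x400000 image base is RVA 0x3274b0, inside 0x21a000..0x329000), and an ordinary .rsrc. The script below is an added example, not code from the report or from Rufus: it parses PE32 section headers with the standard library only, computes the same 8-bit entropy the report shows, and applies those indicators. Because the sample itself is not embedded here, the script builds a constructed PE that copies the three section names, virtual addresses and characteristics from the table; the raw sizes and contents are made up (UPX1 is filled with a repeating 0..255 pattern, which gives entropy exactly 8.0) and the entrypoint RVA 0x21a100 is an assumed value inside UPX1.

```python
"""Parse PE32 section headers, compute 8-bit entropy per section and apply packer heuristics.
Added example; not code from the Joe Sandbox report or from Rufus."""
import struct
from math import log2

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FLAG_NAMES = {
    IMAGE_SCN_CNT_INITIALIZED_DATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    IMAGE_SCN_CNT_UNINITIALIZED_DATA: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    IMAGE_SCN_MEM_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    IMAGE_SCN_MEM_READ: "IMAGE_SCN_MEM_READ",
    IMAGE_SCN_MEM_WRITE: "IMAGE_SCN_MEM_WRITE",
}


def shannon_entropy(data):
    """Bits per byte, 0.0..8.0; the report's 'Entropy (8bit)' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * log2(c / n) for c in counts if c)


def parse_pe_sections(pe):
    """Return (entrypoint RVA, [section dicts]) read from a PE32 image's headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER, 20 bytes
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                      # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
            "characteristics": chars,
            "flags": [n for bit, n in FLAG_NAMES.items() if chars & bit],
            "has_entrypoint": va <= entry_rva < va + max(vsize, raw_size),
        })
    return entry_rva, sections


def packer_indicators(sections):
    """Findings behind a 'packed' verdict: UPX names, W+X entry section, high entropy, empty exec section."""
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    findings = []
    for s in sections:
        if s["name"].upper().startswith("UPX"):
            findings.append("section name %s is a UPX marker" % s["name"])
        if s["has_entrypoint"] and s["characteristics"] & wx == wx:
            findings.append("entrypoint lies in writable+executable section %s" % s["name"])
        if s["raw_size"] and s["entropy"] > 7.5:
            findings.append("section %s entropy %.4f: compressed or encrypted" % (s["name"], s["entropy"]))
        if not s["raw_size"] and s["vsize"] and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("executable section %s has no file data: unpack target" % s["name"])
    return findings


def build_synthetic_upx_pe():
    """Constructed PE32 with the report's section names, VAs and flags; sizes and bytes are made up."""
    x, r, w = IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    secs = [  # (name, VirtualSize, VirtualAddress, raw bytes, Characteristics)
        (b"UPX0", 0x219000, 0x1000, b"", x | w | IMAGE_SCN_CNT_UNINITIALIZED_DATA | r),
        (b"UPX1", 0x1000, 0x21a000, bytes(range(256)) * 16, x | IMAGE_SCN_CNT_INITIALIZED_DATA | w | r),
        (b".rsrc", 0x1000, 0x329000, b"\0" * 512, IMAGE_SCN_CNT_INITIALIZED_DATA | w | r),
    ]
    entry_rva = 0x21a100                # ASSUMED: inside UPX1, as the real sample's 0x3274b0 is
    opt_size, first_raw = 0xE0, 0x200   # PE32 optional header size; raw data starts at file alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                         # ImageBase
    hdr, body, ptr = bytearray(dos + b"PE\0\0" + coff + opt), bytearray(), first_raw
    for name, vsize, va, raw, chars in secs:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), ptr if raw else 0, 0, 0, 0, 0, chars)
        body += raw
        ptr += len(raw)
    hdr += b"\0" * (first_raw - len(hdr))
    return bytes(hdr + body)


if __name__ == "__main__":
    entry, secs = parse_pe_sections(build_synthetic_upx_pe())
    for s in secs:
        print("%-6s va=%#x vsize=%#x raw=%#x entropy=%.4f %s"
              % (s["name"], s["va"], s["vsize"], s["raw_size"], s["entropy"], ", ".join(s["flags"])))
    print("\n".join(packer_indicators(secs)))
```

Run against the real file (open it in binary mode and pass the bytes to parse_pe_sections) the same code reproduces the name, address, size, entropy and characteristics columns of the table; the heuristics are the generic ones any packer triage applies, so they fire on UPX-packed legitimate software such as this sample just as they do on packed malware, which is why a high-entropy W+X entry section is an indicator, not a verdict.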
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x329e84 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294961151
RT_ICON | 0x32e0b0 | 0x25a8 | data
RT_ICON | 0x33065c | 0x10a8 | data
RT_ICON | 0x331708 | 0x988 | data
RT_ICON | 0x332094 | 0x468 | GLS_BINARY_LSB_FIRST
RT_DIALOG | 0x1104e8 | 0x95e | empty
RT_DIALOG | 0x110e48 | 0x13c | empty
RT_DIALOG | 0x110f88 | 0x1d6 | empty
RT_DIALOG | 0x111160 | 0x4f4 | empty
RT_DIALOG | 0x111658 | 0xac | empty
RT_DIALOG | 0x111708 | 0xea | empty
RT_DIALOG | 0x1117f8 | 0x252 | empty
RT_DIALOG | 0x111a50 | 0x330 | empty
RT_DIALOG | 0x111d80 | 0x1b0 | empty
RT_DIALOG | 0x111f30 | 0x3e2 | empty
RT_RCDATA | 0x112318 | 0x26a | empty
RT_RCDATA | 0x112588 | 0x1a5 | empty
RT_RCDATA | 0x112730 | 0xcf | empty
RT_RCDATA | 0x112800 | 0x73 | empty
RT_RCDATA | 0x112878 | 0xbf | empty
RT_RCDATA | 0x112938 | 0x1f6 | empty
RT_RCDATA | 0x112b30 | 0x33b | empty
RT_RCDATA | 0x112e70 | 0x1f0 | empty
RT_RCDATA | 0x113060 | 0x181 | empty
RT_RCDATA | 0x1131e8 | 0xda | empty
RT_RCDATA | 0x1132c8 | 0x154 | empty
RT_RCDATA | 0x113420 | 0x279 | empty
RT_RCDATA | 0x1136a0 | 0x430 | empty
RT_RCDATA | 0x113ad0 | 0x2dc | empty
RT_RCDATA | 0x113db0 | 0x120 | empty
RT_RCDATA | 0x113ed0 | 0x7d | empty
RT_RCDATA | 0x113f50 | 0x10d | empty
RT_RCDATA | 0x114060 | 0x366 | empty
RT_RCDATA | 0x1143c8 | 0x10581 | empty
RT_RCDATA | 0x124950 | 0xb65d | empty
RT_RCDATA | 0x12ffb0 | 0xe43 | empty
RT_RCDATA | 0x130df8 | 0x2cb6 | empty
RT_RCDATA | 0x133ab0 | 0x3f74 | empty
RT_RCDATA | 0x137a28 | 0x9da8 | empty
RT_RCDATA | 0x1417d0 | 0x7436 | empty
RT_RCDATA | 0x148c08 | 0x7db2 | empty
RT_RCDATA | 0x1509c0 | 0x3331 | empty
RT_RCDATA | 0x153cf8 | 0x1940 | empty
RT_RCDATA | 0x155638 | 0x1b93 | empty
RT_RCDATA | 0x1571d0 | 0x155d | empty
RT_RCDATA | 0x158730 | 0x114f | empty
RT_RCDATA | 0x159880 | 0x1c31 | empty
RT_RCDATA | 0x15b4b8 | 0x1cf1 | empty
RT_RCDATA | 0x15d1b0 | 0x150b | empty
RT_RCDATA | 0x15e6c0 | 0x1b3d | empty
RT_RCDATA | 0x160200 | 0x1699 | empty
RT_RCDATA | 0x1618a0 | 0x15a7 | empty
RT_RCDATA | 0x162e48 | 0x1c3c | empty
RT_RCDATA | 0x164a88 | 0x1fb7 | empty
RT_RCDATA | 0x166a40 | 0x1889 | empty
RT_RCDATA | 0x1682d0 | 0x1e4e | empty
RT_RCDATA | 0x16a120 | 0x193a | empty
RT_RCDATA | 0x16ba60 | 0x1e71 | empty
RT_RCDATA | 0x16d8d8 | 0x22e1 | empty
RT_RCDATA | 0x16fbc0 | 0x1426 | empty
RT_RCDATA | 0x170fe8 | 0x200 | empty
RT_RCDATA | 0x1711e8 | 0x8e88 | empty
RT_RCDATA | 0x17a070 | 0x200 | empty
RT_RCDATA | 0x17a270 | 0x10a19 | empty
RT_RCDATA | 0x18ac90 | 0x855c | empty
RT_RCDATA | 0x1931f0 | 0x2000 | empty
RT_RCDATA | 0x1951f0 | 0x7ce6 | empty
RT_RCDATA | 0x19ced8 | 0x4f1 | empty
RT_RCDATA | 0x19d3d0 | 0xf9600 | empty
RT_RCDATA | 0x2969d0 | 0x800 | data
RT_RCDATA | 0x2971d0 | 0x80000 | data
RT_GROUP_ICON | 0x332500 | 0x4c | data
RT_VERSION | 0x332550 | 0x37c | data
RT_MANIFEST | 0x3328d0 | 0x767 | XML 1.0 document, ASCII text, with CRLF line terminators
DLL | Import
ADVAPI32.dll | FreeSid
COMCTL32.DLL | ImageList_Create
COMDLG32.DLL | GetOpenFileNameW
CRYPT32.dll | CryptMsgClose
GDI32.dll | LineTo
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
msvcrt.dll | _iob
ole32.dll | CoCreateGuid
SETUPAPI.dll | CM_Get_Child
SHELL32.dll | ShellExecuteA
SHLWAPI.dll | wnsprintfW
USER32.dll | GetDC
WINTRUST.dll | WinVerifyTrustEx
Description | Data
LegalCopyright | 2011-2020 Pete Batard (GPL v3)
InternalName | Rufus
FileVersion | 3.13.1730
CompanyName | Akeo Consulting
LegalTrademarks | https://www.gnu.org/licenses/gpl-3.0.html
Comments | https://rufus.ie
ProductName | Rufus
ProductVersion | 3.13.1730
FileDescription | Rufus
OriginalFilename | rufus-3.13.exe
Translation | 0x0000 0x04b0

Network Behavior

Network Port Distribution

• Total Packets: 86
• 443 (HTTPS)
• 53 (DNS)
                                                                                                                                            Dec 6, 2020 08:00:09.892342091 CET49730443192.168.2.352.216.207.163
                                                                                                                                            Dec 6, 2020 08:00:09.892388105 CET49730443192.168.2.352.216.207.163
                                                                                                                                            Dec 6, 2020 08:00:23.784565926 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.803961039 CET44349728185.199.111.153192.168.2.3
                                                                                                                                            Dec 6, 2020 08:00:23.804079056 CET44349728185.199.111.153192.168.2.3
                                                                                                                                            Dec 6, 2020 08:00:23.804124117 CET44349728185.199.111.153192.168.2.3
                                                                                                                                            Dec 6, 2020 08:00:23.804162025 CET44349728185.199.111.153192.168.2.3
                                                                                                                                            Dec 6, 2020 08:00:23.804199934 CET44349728185.199.111.153192.168.2.3
                                                                                                                                            Dec 6, 2020 08:00:23.804224014 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.804229975 CET44349728185.199.111.153192.168.2.3
                                                                                                                                            Dec 6, 2020 08:00:23.804256916 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.804263115 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.804269075 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.804286003 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.817295074 CET49728443192.168.2.3185.199.111.153
                                                                                                                                            Dec 6, 2020 08:00:23.837096930 CET44349728185.199.111.153192.168.2.3
UDP Packets

Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Dec 6, 2020 07:59:48.371716022 CET  58823        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:48.399233103 CET  53           58823      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:49.423187017 CET  57568        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:49.450706005 CET  53           57568      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:50.046587944 CET  50540        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:50.073848009 CET  53           50540      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:51.255755901 CET  54366        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:51.283143044 CET  53           54366      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:52.009601116 CET  53034        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:52.037007093 CET  53           53034      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:53.552917957 CET  57762        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:53.580292940 CET  53           57762      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:55.076394081 CET  55435        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:55.103678942 CET  53           55435      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:55.997838020 CET  50713        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:56.025275946 CET  53           50713      8.8.8.8          192.168.2.3
Dec 6, 2020 07:59:56.706295013 CET  56132        53         192.168.2.3      8.8.8.8
Dec 6, 2020 07:59:56.741887093 CET  53           56132      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:08.347860098 CET  58987        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:08.383692026 CET  53           58987      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:08.663408041 CET  56579        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:08.700917006 CET  53           56579      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:09.392081976 CET  60633        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:09.427614927 CET  53           60633      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:18.473124981 CET  61292        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:18.500504017 CET  53           61292      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:22.898267031 CET  63619        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:22.937335014 CET  53           63619      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:26.390027046 CET  64938        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:26.433665037 CET  53           64938      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:34.854582071 CET  61946        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:34.900482893 CET  53           61946      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:37.719000101 CET  64910        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:37.756159067 CET  53           64910      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:52.375351906 CET  52123        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:52.402688980 CET  53           52123      8.8.8.8          192.168.2.3
Dec 6, 2020 08:00:55.886312962 CET  56130        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:00:55.923491955 CET  53           56130      8.8.8.8          192.168.2.3
Dec 6, 2020 08:01:26.895493031 CET  56338        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:01:26.922782898 CET  53           56338      8.8.8.8          192.168.2.3
Dec 6, 2020 08:01:30.760487080 CET  59420        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:01:30.795706034 CET  53           59420      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:39.227703094 CET  58784        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:39.290790081 CET  53           58784      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:39.857827902 CET  63978        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:39.893503904 CET  53           63978      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:40.570641041 CET  62938        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:40.606293917 CET  53           62938      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:41.159045935 CET  55708        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:41.194830894 CET  53           55708      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:41.677809954 CET  56803        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:41.715696096 CET  53           56803      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:42.232062101 CET  57145        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:42.269377947 CET  53           57145      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:43.657180071 CET  55359        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:43.693130970 CET  53           55359      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:44.794169903 CET  58306        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:44.821456909 CET  53           58306      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:45.898833990 CET  64124        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:45.936613083 CET  53           64124      8.8.8.8          192.168.2.3
Dec 6, 2020 08:02:46.486938953 CET  49361        53         192.168.2.3      8.8.8.8
Dec 6, 2020 08:02:46.522739887 CET  53           49361      8.8.8.8          192.168.2.3
DNS Queries

Timestamp                           Source IP    Dest IP  Trans ID  OP Code             Name                                                     Type            Class
Dec 6, 2020 08:00:08.347860098 CET  192.168.2.3  8.8.8.8  0xc17d    Standard query (0)  rufus.ie                                                 A (IP address)  IN (0x0001)
Dec 6, 2020 08:00:08.663408041 CET  192.168.2.3  8.8.8.8  0x3e31    Standard query (0)  github.com                                               A (IP address)  IN (0x0001)
Dec 6, 2020 08:00:09.392081976 CET  192.168.2.3  8.8.8.8  0xb168    Standard query (0)  github-production-release-asset-2e65be.s3.amazonaws.com  A (IP address)  IN (0x0001)
DNS Answers

Timestamp                           Source IP  Dest IP      Trans ID  Reply Code    Name                                                     CName                 Address          Type                    Class
Dec 6, 2020 08:00:08.383692026 CET  8.8.8.8    192.168.2.3  0xc17d    No error (0)  rufus.ie                                                 -                     185.199.111.153  A (IP address)          IN (0x0001)
Dec 6, 2020 08:00:08.383692026 CET  8.8.8.8    192.168.2.3  0xc17d    No error (0)  rufus.ie                                                 -                     185.199.108.153  A (IP address)          IN (0x0001)
Dec 6, 2020 08:00:08.383692026 CET  8.8.8.8    192.168.2.3  0xc17d    No error (0)  rufus.ie                                                 -                     185.199.109.153  A (IP address)          IN (0x0001)
Dec 6, 2020 08:00:08.383692026 CET  8.8.8.8    192.168.2.3  0xc17d    No error (0)  rufus.ie                                                 -                     185.199.110.153  A (IP address)          IN (0x0001)
Dec 6, 2020 08:00:08.700917006 CET  8.8.8.8    192.168.2.3  0x3e31    No error (0)  github.com                                               -                     140.82.121.3     A (IP address)          IN (0x0001)
Dec 6, 2020 08:00:09.427614927 CET  8.8.8.8    192.168.2.3  0xb168    No error (0)  github-production-release-asset-2e65be.s3.amazonaws.com  s3-1-w.amazonaws.com  -                CNAME (Canonical name)  IN (0x0001)
Dec 6, 2020 08:00:09.427614927 CET  8.8.8.8    192.168.2.3  0xb168    No error (0)  s3-1-w.amazonaws.com                                     -                     52.216.207.163   A (IP address)          IN (0x0001)
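The DNS answers above, read together with the TCP flows earlier in this section, let an analyst attribute each outbound connection to the name the sample actually resolved, including the CNAME hop that turns the GitHub release-asset host into an S3 address. The script below is an added example, not part of the Joe Sandbox report and not Rufus code: the answer records and the client ports 49728, 49729 and 49730 are copied from the report's tables, and the fourth flow to 203.0.113.5 is constructed to show how a destination with no preceding DNS answer gets flagged.

```python
"""Attribute each TCP flow in the report to the DNS name(s) that resolved to its destination.

Added example. DNS answers and the first three flows come from the report's tables;
the flow to 203.0.113.5 is constructed (TEST-NET-3) to exercise the negative case.
"""
from typing import Dict, List, Tuple

Answer = Tuple[str, str, str]   # (owner name, record type, rdata)
Flow = Tuple[int, str, int]     # (client port, destination IP, destination port)

# DNS answers as listed in the report's "DNS Answers" table (the CNAME hop is kept).
DNS_ANSWERS: List[Answer] = [
    ("rufus.ie", "A", "185.199.111.153"),
    ("rufus.ie", "A", "185.199.108.153"),
    ("rufus.ie", "A", "185.199.109.153"),
    ("rufus.ie", "A", "185.199.110.153"),
    ("github.com", "A", "140.82.121.3"),
    ("github-production-release-asset-2e65be.s3.amazonaws.com", "CNAME", "s3-1-w.amazonaws.com"),
    ("s3-1-w.amazonaws.com", "A", "52.216.207.163"),
]

# One entry per client-side TCP flow in the report (client ports 49728-49730 to TCP/443),
# plus a constructed flow that no DNS answer in the capture explains.
FLOWS: List[Flow] = [
    (49728, "185.199.111.153", 443),
    (49729, "140.82.121.3", 443),
    (49730, "52.216.207.163", 443),
    (49731, "203.0.113.5", 443),   # constructed, not in the report
]


def names_for_ip(ip: str, answers: List[Answer]) -> List[List[str]]:
    """Return every resolution chain that ends at `ip`, ordered from the name the client
    asked for down to the owner of the A record, e.g.
    [["github-...s3.amazonaws.com", "s3-1-w.amazonaws.com"]].
    An empty list means nothing in the capture explains a connection to `ip`."""
    owners = [name for name, rtype, rdata in answers if rtype == "A" and rdata == ip]
    # Reverse CNAME map: canonical name -> names that alias it.
    aliases: Dict[str, List[str]] = {}
    for name, rtype, rdata in answers:
        if rtype == "CNAME":
            aliases.setdefault(rdata, []).append(name)
    chains = []
    for owner in owners:
        path, seen = [owner], {owner}
        while owner in aliases:            # walk back through CNAMEs to the queried name
            owner = aliases[owner][0]
            if owner in seen:              # defensive: a CNAME loop in the capture
                break
            path.append(owner)
            seen.add(owner)
        chains.append(list(reversed(path)))
    return chains


def attribute_flows(flows: List[Flow], answers: List[Answer]) -> List[dict]:
    """Label each flow with its DNS attribution; flows with none are flagged `unresolved`,
    which is the classic pivot for hard-coded C2 addresses or out-of-band resolution."""
    rows = []
    for client_port, dst_ip, dst_port in flows:
        chains = names_for_ip(dst_ip, answers)
        rows.append({
            "client_port": client_port,
            "destination": f"{dst_ip}:{dst_port}",
            "names": [" -> ".join(chain) for chain in chains],
            "unresolved": not chains,
        })
    return rows


if __name__ == "__main__":
    for row in attribute_flows(FLOWS, DNS_ANSWERS):
        flag = "  <-- no DNS answer for this destination" if row["unresolved"] else ""
        print(f"{row['client_port']} -> {row['destination']}: {row['names'] or ['?']}{flag}")
```

Run against the report's data, the three real flows map to rufus.ie, github.com and the S3 release-asset host (via s3-1-w.amazonaws.com), and only the constructed flow is flagged; in a real capture a flagged row is where to start looking for a hard-coded address.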
HTTPS Sessions

Timestamp                           Source IP        Source Port  Dest IP      Dest Port
Dec 6, 2020 08:00:08.515305042 CET  185.199.111.153  443          192.168.2.3  49728
  Leaf certificate
    Subject:     CN=rufus.ie
    Issuer:      CN=R3, O=Let's Encrypt, C=US
    Not Before:  Fri Dec 04 15:37:46 CET 2020
    Not After:   Thu Mar 04 15:37:46 CET 2021
  Intermediate certificate
    Subject:     CN=R3, O=Let's Encrypt, C=US
    Issuer:      CN=DST Root CA X3, O=Digital Signature Trust Co.
    Not Before:  Wed Oct 07 21:21:40 CEST 2020
    Not After:   Wed Sep 29 21:21:40 CEST 2021
  JA3 SSL Client Fingerprint:  771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0
  JA3 SSL Client Digest:       6271f898ce5be7dd52b0fc260d0662b3

Dec 6, 2020 08:00:08.737487078 CET  140.82.121.3     443          192.168.2.3  49729
  Leaf certificate
    Subject:     CN=github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US
    Issuer:      CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Not Before:  Tue May 05 02:00:00 CEST 2020
    Not After:   Tue May 10 14:00:00 CEST 2022
  Intermediate certificate
    Subject:     CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer:      CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Not Before:  Tue Oct 22 14:00:00 CEST 2013
    Not After:   Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint:  771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0
  JA3 SSL Client Digest:       6271f898ce5be7dd52b0fc260d0662b3

Dec 6, 2020 08:00:09.650862932 CET  52.216.207.163   443          192.168.2.3  49730
  Leaf certificate
    Subject:     CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US
    Issuer:      CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US
    Not Before:  Sat Nov 09 01:00:00 CET 2019
    Not After:   Fri Mar 12 13:00:00 CET 2021
  Intermediate certificate
    Subject:     CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer:      CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
    Not Before:  Tue Dec 08 13:05:07 CET 2015
    Not After:   Sat May 10 14:00:00 CEST 2025
  JA3 SSL Client Fingerprint:  771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0
  JA3 SSL Client Digest:       6271f898ce5be7dd52b0fc260d0662b3
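The HTTPS table gives, per session, the JA3 client fingerprint string with its digest and a two-certificate chain with validity dates. The script below is an added example (not from the report and not Rufus code): it decodes the JA3 string into TLS version, cipher suites, extensions and curves, recomputes the digest the way JA3 defines it (MD5 over the fingerprint string) so it can be compared with the digest column, and checks each chain for what the table actually exposes: the leaf CN covers the host that the DNS table resolved to that server, the leaf issuer equals the intermediate subject, and both certificates were valid at the capture timestamp. It does not verify signatures, since the page carries no keys and no root certificate. The session records are copied from the table; the CET/CEST offsets and the expected hostnames per server IP are assumptions taken from the surrounding DNS data.

```python
"""Decode the JA3 client fingerprint and sanity-check the certificate chains of the report's
HTTPS sessions. Added example; session data copied from the report, checks are ours."""
import hashlib
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# ClientHello version as JA3 encodes it: decimal value of the two-byte protocol version.
TLS_VERSIONS = {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2", 772: "TLS 1.3"}
# The report prints CET/CEST wall-clock times; offsets assumed from those labels.
TZ = {"CET": timezone(timedelta(hours=1)), "CEST": timezone(timedelta(hours=2))}

JA3 = ("771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-"
       "157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0")
REPORT_DIGEST = "6271f898ce5be7dd52b0fc260d0662b3"

SESSIONS = [  # copied from the report's HTTPS table: leaf first, intermediate second
    {"timestamp": "Dec 6, 2020 08:00:08.515305042 CET", "server": "185.199.111.153", "client_port": 49728,
     "chain": [{"subject": "CN=rufus.ie", "issuer": "CN=R3, O=Let's Encrypt, C=US",
                "not_before": "Fri Dec 04 15:37:46 CET 2020", "not_after": "Thu Mar 04 15:37:46 CET 2021"},
               {"subject": "CN=R3, O=Let's Encrypt, C=US",
                "issuer": "CN=DST Root CA X3, O=Digital Signature Trust Co.",
                "not_before": "Wed Oct 07 21:21:40 CEST 2020", "not_after": "Wed Sep 29 21:21:40 CEST 2021"}]},
    {"timestamp": "Dec 6, 2020 08:00:08.737487078 CET", "server": "140.82.121.3", "client_port": 49729,
     "chain": [{"subject": 'CN=github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US',
                "issuer": "CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
                "not_before": "Tue May 05 02:00:00 CEST 2020", "not_after": "Tue May 10 14:00:00 CEST 2022"},
               {"subject": "CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
                "issuer": "CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
                "not_before": "Tue Oct 22 14:00:00 CEST 2013", "not_after": "Sun Oct 22 14:00:00 CEST 2028"}]},
    {"timestamp": "Dec 6, 2020 08:00:09.650862932 CET", "server": "52.216.207.163", "client_port": 49730,
     "chain": [{"subject": 'CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US',
                "issuer": "CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US",
                "not_before": "Sat Nov 09 01:00:00 CET 2019", "not_after": "Fri Mar 12 13:00:00 CET 2021"},
               {"subject": "CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US",
                "issuer": "CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE",
                "not_before": "Tue Dec 08 13:05:07 CET 2015", "not_after": "Sat May 10 14:00:00 CEST 2025"}]},
]
# Host each server IP was resolved for, taken from the DNS answers table (assumed to be the SNI).
EXPECTED_HOSTS = {"185.199.111.153": "rufus.ie", "140.82.121.3": "github.com",
                  "52.216.207.163": "github-production-release-asset-2e65be.s3.amazonaws.com"}


def parse_ja3(fingerprint: str) -> Dict[str, object]:
    """Split a JA3 string into its five fields: version, ciphers, extensions, curves, point formats."""
    version, ciphers, exts, curves, fmts = fingerprint.split(",")
    as_ints = lambda s: [int(x) for x in s.split("-")] if s else []
    return {"version": TLS_VERSIONS.get(int(version), version), "ciphers": as_ints(ciphers),
            "extensions": as_ints(exts), "curves": as_ints(curves), "point_formats": as_ints(fmts)}


def ja3_digest(fingerprint: str) -> str:
    """JA3 digest as the method defines it: MD5 over the fingerprint string."""
    return hashlib.md5(fingerprint.encode("ascii")).hexdigest()


def parse_cert_time(s: str) -> datetime:
    """'Fri Dec 04 15:37:46 CET 2020' -> timezone-aware datetime."""
    _dow, mon, day, hms, tz, year = s.split()
    return datetime.strptime(f"{mon} {day} {year} {hms}", "%b %d %Y %H:%M:%S").replace(tzinfo=TZ[tz])


def parse_capture_time(s: str) -> datetime:
    """'Dec 6, 2020 08:00:08.515305042 CET' -> aware datetime (nanoseconds trimmed to microseconds)."""
    body, tz = s.rsplit(" ", 1)
    main, frac = body.split(".")
    return datetime.strptime(main, "%b %d, %Y %H:%M:%S").replace(microsecond=int(frac[:6]), tzinfo=TZ[tz])


def cn_matches(cn: str, host: str) -> bool:
    """Hostname check with RFC 6125-style wildcards: '*' covers exactly one leftmost label."""
    if cn.startswith("*."):
        return host.count(".") == cn.count(".") and host.lower().endswith(cn[1:].lower())
    return cn.lower() == host.lower()


def check_session(session: dict, expected_host: str, at: Optional[datetime] = None) -> List[str]:
    """Return the problems found; an empty list means the chain is consistent with the table."""
    at = at or parse_capture_time(session["timestamp"])
    leaf, intermediate = session["chain"]
    cn = leaf["subject"].split(",")[0].split("=", 1)[1].strip()   # CN is the first RDN in every row
    problems = []
    if not cn_matches(cn, expected_host):
        problems.append(f"leaf CN {cn!r} does not cover {expected_host!r}")
    if leaf["issuer"] != intermediate["subject"]:
        problems.append("leaf issuer does not match the intermediate's subject")
    for label, cert in (("leaf", leaf), ("intermediate", intermediate)):
        if not parse_cert_time(cert["not_before"]) <= at <= parse_cert_time(cert["not_after"]):
            problems.append(f"{label} certificate not valid at {at.isoformat()}")
    return problems


if __name__ == "__main__":
    print(parse_ja3(JA3)["version"], "- digest matches report:", ja3_digest(JA3) == REPORT_DIGEST)
    for session in SESSIONS:
        host = EXPECTED_HOSTS[session["server"]]
        print(session["server"], host, check_session(session, host) or "ok")
```

Passing `at=` lets you re-run the validity check for a later date: the rufus.ie leaf expires on 4 March 2021, so the same session fails once the clock is moved past that, which is exactly the distinction between "the chain was fine when captured" and "the chain is fine now".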

Code Manipulations

Statistics

Behavior

System Behavior

Start time: 07:59:51
Start date: 06/12/2020
Path: C:\Users\user\Desktop\rufus-3.13.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\rufus-3.13.exe' -install
Imagebase: 0x1340000
File size: 1156152 bytes
MD5 hash: C844FA688F3AAFA80790ECD6A204BBB7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Start time: 07:59:52
Start date: 06/12/2020
Path: C:\Users\user\Desktop\rufus-3.13.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\rufus-3.13.exe'
Imagebase: 0x1340000
File size: 1156152 bytes
MD5 hash: C844FA688F3AAFA80790ECD6A204BBB7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Start time: 07:59:54
Start date: 06/12/2020
Path: C:\Users\user\Desktop\rufus-3.13.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\rufus-3.13.exe' /install
Imagebase: 0x1340000
File size: 1156152 bytes
MD5 hash: C844FA688F3AAFA80790ECD6A204BBB7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Start time: 07:59:57
Start date: 06/12/2020
Path: C:\Users\user\Desktop\rufus-3.13.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\rufus-3.13.exe' /load
Imagebase: 0x1340000
File size: 1156152 bytes
MD5 hash: C844FA688F3AAFA80790ECD6A204BBB7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly

Code Analysis