Analysis Report rufus-3.14p.exe

Overview

General Information

Sample Name: rufus-3.14p.exe
Analysis ID: 420143
MD5: c1df434cf15aeb31783e1144b8a30059
SHA1: 1c385ec41d5f20ab411bd20e792ad8e7da7feaf9
SHA256: c0ccf4f480545b50169cc1f5bf92b357ce588520cb8534128200ca48fc6ae588

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Changes autostart functionality of drives
Drops PE files with a suspicious file extension
Modifies Group Policy settings
Tries to delay execution (extensive OutputDebugStringW loop)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Enables driver privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries device information via Setup API
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • rufus-3.14p.exe (PID: 6836 cmdline: 'C:\Users\user\Desktop\rufus-3.14p.exe' MD5: C1DF434CF15AEB31783E1144B8A30059)
  • rufus-3.14p.exe (PID: 6872 cmdline: 'C:\Users\user\Desktop\rufus-3.14p.exe' MD5: C1DF434CF15AEB31783E1144B8A30059)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D3A1E7 CryptAcquireContextW,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,CryptDestroyHash,CryptReleaseContext,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D393F7 calloc,GetModuleFileNameW,GetLastError,CryptQueryObject,Sleep,CryptMsgGetParam,CryptMsgGetParam,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,calloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringA,_strcmpi,CertGetNameStringA,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 1_2_00D393F7 calloc,GetModuleFileNameW,GetLastError,CryptQueryObject,Sleep,CryptMsgGetParam,CryptMsgGetParam,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,calloc,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringA,_strcmpi,CertGetNameStringA,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 1_2_00D4CBB9 CryptMsgGetParam,GetLastError,_snprintf,strlen,calloc,FormatMessageW,GetLastError,WideCharToMultiByte,??3@YAXPAX@Z,SetLastError,SetLastError,GetLastError,_snprintf,SetLastError,_snprintf,
Source: rufus-3.14p.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED
Source: rufus-3.14p.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 185.199.110.153:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.154:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: rufus-3.14p.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Projects\uefi-ntfs\arm\Release\bootarm.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\aa64\Release\bootaa64.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\ia32\Release\bootia32.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\x64\Release\bootx64.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp

Spreading:

Changes autostart functionality of drives
Source: C:\Users\user\Desktop\rufus-3.14p.exe Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\group policy objects\{ACEF4A73-C5D5-48AF-B032-7CA9414F6868}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutorun
Source: rufus-3.14p.exeBinary or memory string: Using autorun.inf label for drive %c: '%s'
Source: rufus-3.14p.exeBinary or memory string: #:\autorun.inf
Source: rufus-3.14p.exeBinary or memory string: Ignoring autorun.inf label for drive %c: %s
Source: rufus-3.14p.exeBinary or memory string: %sautorun.inf
Source: rufus-3.14p.exeBinary or memory string: [autorun] icon = autorun.ico label = %s
Source: rufus-3.14p.exeBinary or memory string: buat cakera boot" t MSG_165 "Klik untuk memilih atau memuat turun imej..." t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)" t MSG_167 "Memasang MBR yang membenarkan pilihan bo
Source: rufus-3.14p.exeBinary or memory string: autorun.inf
Source: rufus-3.14p.exeBinary or memory string: tellen (maakt een autorun.inf aan)" t MSG_167 "Installeert een MBR die een opstartselectie toestaat en de BIOS USB-drive ID kan verbergen" t MSG_168 "Probeert de eerste opstartbare USB drive (gewoonlijk 0x80) voor te laten doen als een andere schijf.\nDit is
Source: rufus-3.14p.exeBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.14p.exeBinary or memory string: autorun.inf
Source: rufus-3.14p.exeBinary or memory string: t perangkat bootable" t MSG_165 "Klik untuk memilih sebuah image..." t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)" t MSG_167 "Menginstal MBR memungkinkan untuk boot dan dapat memanipula
Source: rufus-3.14p.exeBinary or memory string: . (autorun.inf .)" t MSG_167 " MBR BIO
Source: rufus-3.14p.exeBinary or memory string: (creates an autorun.inf)" t MSG_167 "Install an MBR that allows boot selection and can masquerade the BIOS USB drive ID" t MSG_168 "Try to masquerade first bootable USB drive (usually 0x80) as a different disk.\n" "This should only be necessary if you inst
Source: rufus-3.14p.exeBinary or memory string: autorun.inf
Source: rufus-3.14p.exeBinary or memory string: [autorun]icon = autorun.icolabel = %s
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)$
Source: rufus-3.14p.exe, 00000000.00000002.928580187.00000000034E0000.00000004.00000001.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)>
Source: rufus-3.14p.exe, 00000000.00000002.927433503.0000000000E1B000.00000040.00020000.sdmpBinary or memory string: Check the device for bad blocks using a test patternUncheck this box to use the "slow" format methodMethod that will be used to make the drive bootableClick to select or download an image...Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)Install an MBR that allows boot selection and can masquerade the BIOS USB drive IDTry to masquerade first bootable USB drive (usually 0x80) as a different disk.
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacijonalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: m souboru autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: e un fichier autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: hoz (egy autorun.inf f
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: un file autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: . (autorun.inf
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: (sukuria autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: autorun.inf"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: ier autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: uje autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: boru autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: autorun.inf
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t autorun.inf)"
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmpBinary or memory string: NtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %d vs. %d)\\.\%c:\\.\#:Failed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELNo medialabelIgnoring autorun.inf label for drive %c: %sUsing autorun.inf label for drive %c: '%s'#:\autorun.inf%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not unmount drive: %sCould not mount %s as %C:%s was successfully mounted as %C:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmpBinary or memory string: @FATLarge FAT32Invalid logical volume handleIOCTL_DISK_GET_DRIVE_GEOMETRY error: %sFailed to get device geometry (both regular and _ex)IOCTL_DISK_GET_PARTITION_INFO error: %sFailed to get partition info (both regular and _ex)This drive is too small for FAT32 - there must be at least 64K clustersThis drive is too big for FAT32 - max 2TB supportedFailed to allocate memoryformat_fat32.cSectorsPerCluster > 0This drive has more than 2^28 clusters, try to specify a larger cluster size or use the defaultFAT32 must have at least 65536 clusters, try to specify a smaller cluster size or use the defaultThis drive is too big for large FAT32 formatSize : %s %u sectorsCluster size %d bytes, %d bytes per sectorVolume ID is %x:%x%d Reserved sectors, %d sectors per FAT, %d FATs%d Total clusters%d Free clustersClearing out %d sectors for reserved sectors, FATs and root cluster...Error clearing reserved sectorsInitializing reserved sectors and FATs...FAT #%d sector at address: %dCould not write partition boot record - drive may not boot...Setting label...Could not set label: %sFormat completed.NO NAME iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmpBinary or memory string: [autorun]
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmpBinary or memory string: Error allocating file name%s%s/%srufus_files%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://goo.gl/QTobxX.
Source: rufus-3.14p.exe, 00000001.00000002.685637329.0000000003260000.00000004.00000001.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpBinary or memory string: NtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %d vs. %d)\\.\%c:\\.\#:Failed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELNo medialabelIgnoring autorun.inf label for drive %c: %sUsing autorun.inf label for drive %c: '%s'#:\autorun.inf%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not unmount drive: %sCould not mount %s as %C:%s was successfully mounted as %C:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpBinary or memory string: @FATLarge FAT32Invalid logical volume handleIOCTL_DISK_GET_DRIVE_GEOMETRY error: %sFailed to get device geometry (both regular and _ex)IOCTL_DISK_GET_PARTITION_INFO error: %sFailed to get partition info (both regular and _ex)This drive is too small for FAT32 - there must be at least 64K clustersThis drive is too big for FAT32 - max 2TB supportedFailed to allocate memoryformat_fat32.cSectorsPerCluster > 0This drive has more than 2^28 clusters, try to specify a larger cluster size or use the defaultFAT32 must have at least 65536 clusters, try to specify a smaller cluster size or use the defaultThis drive is too big for large FAT32 formatSize : %s %u sectorsCluster size %d bytes, %d bytes per sectorVolume ID is %x:%x%d Reserved sectors, %d sectors per FAT, %d FATs%d Total clusters%d Free clustersClearing out %d sectors for reserved sectors, FATs and root cluster...Error clearing reserved sectorsInitializing reserved sectors and FATs...FAT #%d sector at address: %dCould not write partition boot record - drive may not boot...Setting label...Could not set label: %sFormat completed.NO NAME iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpBinary or memory string: [autorun]
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpBinary or memory string: Error allocating file name%s%s/%srufus_files%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://goo.gl/QTobxX.
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacijonalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: m souboru autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: e un fichier autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: hoz (egy autorun.inf f
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: un file autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: . (autorun.inf
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: (sukuria autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: autorun.inf"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: ier autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: uje autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: boru autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: autorun.inf
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpBinary or memory string: t autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacijonalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: m souboru autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: Ruf5D27.tmp.0.drBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: Ruf5D27.tmp.0.drBinary or memory string: e un fichier autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: hoz (egy autorun.inf f
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: un file autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: autorun.inf
Source: Ruf5D27.tmp.0.drBinary or memory string: . (autorun.inf
Source: Ruf5D27.tmp.0.drBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: (sukuria autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: autorun.inf"
Source: Ruf5D27.tmp.0.drBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: ier autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: uje autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: boru autorun.inf)"
Source: Ruf5D27.tmp.0.drBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: Ruf5D27.tmp.0.dr | Binary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: Ruf5D27.tmp.0.dr | Binary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: Ruf5D27.tmp.0.dr | Binary or memory string: autorun.inf
Source: Ruf5D27.tmp.0.dr | Binary or memory string: t simgesini belirleyin (autorun.inf olu
Source: Ruf5D27.tmp.0.dr | Binary or memory string: t autorun.inf)"
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D1FC08 GetLogicalDriveStringsA,strlen,isalpha,toupper,
Source: Joe Sandbox View | IP Address: 140.82.121.3
Source: Joe Sandbox View | IP Address: 185.199.109.154
Source: Joe Sandbox View | JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D330C4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetCrackUrlA,strlen,InternetCrackUrlA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,HttpQueryInfoA,SetLastError,HttpQueryInfoA,_atoi64,_snprintf,calloc,InternetReadFile,WriteFile,GetLastError,FlushFileBuffers,CloseHandle,??3@YAXPAX@Z,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,SetLastError,
Source: unknown | DNS traffic detected: queries for: rufus.ie
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.di
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crt0
Source: rufus-3.14p.exe, 00000000.00000003.926699047.0000000007A3D000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt0
Source: rufus-3.14p.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: rufus-3.14p.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl00
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl0Q
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl04
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl0
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl0L
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: http://e2fsprogs.sourceforge.net/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmp | String found in binary or memory: http://freedos.sourceforge.net/freecom
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: http://fsf.org/
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmp, Ruf5D27.tmp.0.dr | String found in binary or memory: http://halamix2.pl
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: http://ms-sys.sourceforge.net/
Source: rufus-3.14p.exe | String found in binary or memory: http://ocsp.comodoca.com0
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0I
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0K
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0M
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0Z
Source: rufus-3.14p.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: rufus-3.14p.exe | String found in binary or memory: http://s.symcd.com06
Source: rufus-3.14p.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: rufus-3.14p.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rufus-3.14p.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rufus-3.14p.exe, 00000000.00000002.941087603.0000000007A18000.00000004.00000001.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://7-zip.org/
Source: rufus-3.14p.exe, 00000000.00000003.926898680.0000000007A22000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000003.693919903.0000000007A42000.00000004.00000001.sdmp | String found in binary or memory: https://api.github.com/_private/browser/errors
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://axialis.com/
Source: rufus-3.14p.exe | String found in binary or memory: https://d.symcb.com/cps0%
Source: rufus-3.14p.exe | String found in binary or memory: https://d.symcb.com/rpa0
Source: rufus-3.14p.exe | String found in binary or memory: https://d.symcb.com/rpa0.
Source: rufus-3.14p.exe, 00000000.00000003.693919903.0000000007A42000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.941100440.0000000007A1B000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.941062881.0000000007A10000.00000004.00000001.sdmp | String found in binary or memory: https://github-releases.githubusercontent.com/165325376/fafe6000-62a6-11eb-97b7-11f2cc17770a?X-Amz-A
Source: rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmp, Ruf5D27.tmp.0.dr | String found in binary or memory: https://github.com/Chocobo1
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/chenall/grub4dos
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/kokke/tiny-regex-c
Source: rufus-3.14p.exe | String found in binary or memory: https://github.com/pbatard/Fido
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, Fido[1].ver.0.dr | String found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.928087831.000000000198B000.00000004.00000040.sdmp, Fido[1].ver.0.dr | String found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.18/Fido.ps1.lzma
Source: rufus-3.14p.exe, 00000000.00000002.928087831.000000000198B000.00000004.00000040.sdmp | String found in binary or memory: https://github.com/pbatard/Fido/releases/download/v1.18/Fido.ps1.lzma8
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/bled
Source: rufus-3.14p.exe | String found in binary or memory: https://github.com/pbatard/rufus/blob/master/res/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000000.00000002.927433503.0000000000E1B000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684579001.0000000000E24000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txt
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/issues
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.928087831.000000000198B000.00000004.00000040.sdmp, Rufus_win[1].ver.0.dr | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exe
Source: rufus-3.14p.exe, 00000000.00000002.928087831.000000000198B000.00000004.00000040.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exe6
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exedownload_url_arm
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm.exe
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm.exedownload_url_arm64
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, Rufus_win[1].ver.0.dr | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm64.exe
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm64.exerelease_notes
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#BSODs_with_Windows_To_Go_drives_created_from_Windows_10_18
Source: rufus-3.14p.exe | String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFS
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFSSecure
Source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/uefi-ntfs.
Source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/pbatard/uefi-ntfs.MZ
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://github.com/weidai11/cryptopp/
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://goo.gl/QTobxX.
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://goo.gl/QTobxX.;
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://kolibrios.org/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://processhacker.sourceforge.io/
Source: rufus-3.14p.exe | String found in binary or memory: https://rufus.ie
Source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp | String found in binary or memory: https://rufus.ie).
Source: rufus-3.14p.exe | String found in binary or memory: https://rufus.ie/
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://rufus.ie/CheckForBetashttps://rufus.ieUsing
Source: rufus-3.14p.exe | String found in binary or memory: https://rufus.ie/Fido.ver
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:
Source: rufus-3.14p.exe | String found in binary or memory: https://rufus.ie/files
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://rufus.ie/files%s/%s-%s/%sGrub2%s
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://rufus.ie321Failed
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://sourceforge.net/projects/smartmontools
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://svn.reactos.org/reactos/trunk
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://syslinux.org/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://tortoisegit.org/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://tortoisesvn.net/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://winscp.net/
Source: rufus-3.14p.exe | String found in binary or memory: https://www.7-zip.org
Source: rufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.7-zip.orgopenESP2.04rufus_filescore.imggrub%s-%s/%srbWill
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.busybox.net/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.codeguru.com/forum/showthread.php?p=1951973
Source: rufus-3.14p.exe, 00000000.00000003.926660595.0000000007A3A000.00000004.00000001.sdmp | String found in binary or memory: https://www.digicert.com/CPS0
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.freedos.org/
Source: rufus-3.14p.exe | String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.htmlF
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.gnu.org/software/fdisk
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.gnu.org/software/grub
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.gnu.org/software/libcdio
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.gnu.org/software/wget
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.gnupg.org/
Source: rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmp | String found in binary or memory: https://www.reactos.org/
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown | HTTPS traffic detected: 185.199.110.153:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.109.154:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D3A1E7 CryptAcquireContextW,CryptImportKey,CryptCreateHash,CryptHashData,CryptVerifySignatureW,CryptDestroyHash,CryptReleaseContext,
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D3BA0A GetProcAddress,GetProcAddress,GetProcAddress,NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,_snprintf,strlen,
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D1DFC6: CreateFileA,DeviceIoControl,CloseHandle,
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File created: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D37278
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D33C45
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D210EE
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D91080
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D7F00C
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D119D5
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D8718D
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D2F287
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D2B20C
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D2ECA4
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D24C5F
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D12FD6
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D12794
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D37278
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D210EE
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D91080
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D2ECA4
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D24C5F
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D7F00C
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D119D5
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D8718D
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D2F287
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D2B20C
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D12794
Source: Joe Sandbox View | Dropped File: C:\Users\user\Desktop\rufus.com 5F819F6EAE4B5845C082EDF14CB389AB9805BC3C17440F3B5398D4FDD0079FFE
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Process token adjusted: Load Driver
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: String function: 00D4C592 appears 1523 times
Source: rufus-3.14p.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: rufus-3.14p.exe, 00000000.00000002.940474323.00000000071F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamecomdlg32.dll.muij% vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000000.00000002.941022311.00000000077C0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000000.00000002.928704808.0000000003720000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameimageres.DLLj% vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000000.00000002.927259489.0000000000C80000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000000.00000002.935781734.0000000005040000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameOLEACCRC.DLLj% vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000000.00000000.662105062.0000000001057000.00000008.00020000.sdmp | Binary or memory string: OriginalFilenamerufus-3.14.exe, vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000001.00000002.683961357.00000000003F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs rufus-3.14p.exe
Source: rufus-3.14p.exe, 00000001.00000000.665664079.0000000001057000.00000008.00020000.sdmp | Binary or memory string: OriginalFilenamerufus-3.14.exe, vs rufus-3.14p.exe
Source: rufus-3.14p.exe | Binary or memory string: OriginalFilenamerufus-3.14.exe, vs rufus-3.14p.exe
Source: rufus-3.14p.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED
Source: rufus-3.14p.exe | Static PE information: Section: UPX1 ZLIB complexity 0.99911067827
Source: classification engine | Classification label: mal42.spre.evad.winEXE@2/11@3/3
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D4CBB9 GetLastError,_snprintf,strlen,calloc,FormatMessageW,GetLastError,WideCharToMultiByte,??3@YAXPAX@Z,SetLastError,SetLastError,GetLastError,_snprintf,SetLastError,_snprintf,
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D4B7B9 FindResourceA,LoadResource,SizeofResource,calloc,LockResource,LockResource,
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File created: C:\Users\user\Desktop\rufus.com
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global/Rufus
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global/Rufus_CmdLine
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File created: C:\Users\user\AppData\Local\Temp\Ruf5D27.tmp
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File read: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: rufus-3.14p.exe | String found in binary or memory: gen worden als het bestand al bestaat. Als er geen bestand online wordt gevonden, dan zal de standaard versie worden gebruikt." t MSG_117 "Standaard Windows-installatie" t MSG_119 "Geavanceerde eigenschappen van drive" t MSG_120 "Geavanceerde opties voor fo
Source: rufus-3.14p.exe | String found in binary or memory: :size Sets maximum size of line edit buffer (default:128) /MACROS Displays all DOSKey macros /OVERSTRIKE Overwrites new characters onto line when typing (default) /REINSTALL Installs a new copy of DOSKey macroname Specifie
Source: rufus-3.14p.exe | String found in binary or memory: the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. To use the FOR command in a batch program, specify %%variable instead of %variable. For example: FOR %f IN (---start--- a*
Source: rufus-3.14p.exe | String found in binary or memory: /boot/x86_64/loader/isolinux.cfg
Source: rufus-3.14p.exe | String found in binary or memory: /boot/i386/loader/isolinux.cfg
Source: rufus-3.14p.exe | String found in binary or memory: -h, --help
Source: rufus-3.14p.exe | String found in binary or memory: -h, --help
Source: rufus-3.14p.exe | String found in binary or memory: chten:" t MSG_132 "Ein anderer Prozess bzw. ein anderes Programm verwendet das Laufwerk gerade. Wollen Sie es trotzdem formatieren?" t MSG_133 "Rufus hat erkannt, dass Sie ein 'Windows To Go'-Startmedium, basierend auf Windows 10 Version 1809, erstellen woll
Source: unknown | Process created: C:\Users\user\Desktop\rufus-3.14p.exe 'C:\Users\user\Desktop\rufus-3.14p.exe'
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}\InProcServer32
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File written: C:\Windows\SysWOW64\GroupPolicy\gpt.ini
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Window detected: Number of UI elements: 28
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Window detected: Number of UI elements: 33
Source: rufus-3.14p.exe | Static PE information: certificate valid
Source: rufus-3.14p.exe | Static file information: File size 1173560 > 1048576
Source: rufus-3.14p.exe | Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x112400
Source: rufus-3.14p.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Projects\uefi-ntfs\arm\Release\bootarm.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\aa64\Release\bootaa64.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\ia32\Release\bootia32.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: Binary string: C:\Projects\uefi-ntfs\x64\Release\bootx64.pdb source: rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmp
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D114F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D330C4 push edi; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D36009 push edx; mov dword ptr [esp], edi
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D36009 push ecx; mov dword ptr [esp], esi
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D5515B push eax; mov dword ptr [esp], 00000C4Dh
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D4BDE7 push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D2C058 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D291E2 push dword ptr [esp+ebx-18h]; retf
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D2F287 push eax; mov dword ptr [esp], esi
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D2B20C push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D24C5F push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D24C5F push edx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D506ED push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D16EB5 push ecx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D17639 push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D17639 push edx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 0_2_00D3B729 push edx; mov dword ptr [esp], 00DA8514h
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D2C058 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D24C5F push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D24C5F push edx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D4BDE7 push ecx; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D5515B push eax; mov dword ptr [esp], 00000C4Dh
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D506ED push eax; mov dword ptr [esp], ebx
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D2F287 push eax; mov dword ptr [esp], esi
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Code function: 1_2_00D16EB5 push edx; mov dword ptr [esp], eax
Source: initial sample | Static PE information: section name: UPX0
Source: initial sample | Static PE information: section name: UPX1

Persistence and Installation Behavior:

Drops PE files with a suspicious file extension
Source: C:\Users\user\Desktop\rufus-3.14p.exe | File created: C:\Users\user\Desktop\rufus.com
Source: C:\Users\user\Desktop\rufus-3.14p.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Malware Analysis System Evasion:

Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Users\user\Desktop\rufus-3.14p.exeSection loaded: OutputDebugStringW count: 126
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D19332 strstr,_strnicmp,strlen,strlen,strstr,strlen,strstr,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,strlen,strlen,strlen,strlen,??3@YAXPAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,
Source: C:\Users\user\Desktop\rufus-3.14p.exeDropped PE file which has not been started: C:\Users\user\Desktop\rufus.com
Source: C:\Users\user\Desktop\rufus-3.14p.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\rufus-3.14p.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\rufus-3.14p.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\rufus-3.14p.exeAPI coverage: 4.2 %
Source: C:\Users\user\Desktop\rufus-3.14p.exeAPI coverage: 1.2 %
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D1FC08 GetLogicalDriveStringsA,strlen,isalpha,toupper,
Source: rufus-3.14p.exeBinary or memory string: VMware__VMware_Virtual_S
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpBinary or memory string: \\?\GLOBALROOTSuper Floppy DiskAndroid Boot PartitionAndroid Bootloader PartitionAndroid Cache PartitionAndroid Config PartitionAndroid Data PartitionAndroid Ext PartitionAndroid Factory PartitionAndroid Fastboot PartitionAndroid Metadata PartitionAndroid Misc PartitionAndroid OEM PartitionAndroid Persistent PartitionAndroid Recovery PartitionAndroid System PartitionAndroid Vendor PartitionApple APFS PartitionApple Boot PartitionApple Filevault PartitionApple HFS+ PartitionApple Label PartitionApple RAID Partition (Offline)Apple RAID PartitionApple RAID Cache PartitionApple RAID Scratch PartitionApple RAID Status PartitionApple RAID Volume PartitionApple Recovery PartitionApple UFS PartitionApple ZFS PartitionAtari Data PartitionBeOS BFS PartitionChrome OS Kernel PartitionChrome OS Reserved PartitionChrome OS Root PartitionCoreOS Raid PartitionCoreOS Reserved PartitionCoreOS Root PartitionCoreOS Usr PartitionFreeBSD Boot PartitionFreeBSD Data PartitionFreeBSD LVM PartitionFreeBSD Swap PartitionFreeBSD UFS PartitionFreeBSD ZFS PartitionBIOS Boot PartitionExtended Boot Loader PartitionEFI System PartitionMBR PartitionUnused PartitionHP-UX Data PartitionHP-UX Service PartitionIBM GPFS PartitionIntel Fast Flash PartitionLenovo Boot PartitionLinux Boot PartitionLinux Data PartitionLinux Encrypted PartitionLinux Home PartitionLinux LUKS PartitionLinux LVM PartitionLinux RAID PartitionLinux Reserved PartitionLinux Boot Partition (ARM)Linux Boot Partition (ARM64)Linux Boot Partition (x86-32)Linux Boot Partition (x86-64)Linux Srv PartitionLinux Swap PartitionMicrosoft Basic Data PartitionMicrosoft LDM Data PartitionMicrosoft LDM Metadata PartitionMicrosoft Recovery PartitionMicrosoft System Reserved PartitionMicrosoft Storage Spaces PartitionNetBSD Concatenated PartitionNetBSD Encrypted PartitionNetBSD FFS PartitionNetBSD LFS PartitionNetBSD RAID 
PartitionNetBSD Swap PartitionOpenBSD Data PartitionPlan 9 Data PartitionPReP Boot PartitionQNX Data PartitionSolaris Alternate Sector PartitionSolaris Backup PartitionSolaris Boot PartitionSolaris Home PartitionSolaris Reserved PartitionSolaris Root PartitionSolaris Swap PartitionSolaris Var PartitionSony Boot PartitionVeraCrypt Data PartitionVMware Coredump PartitionVMware Reserved PartitionVMware VMFS PartitionEmptyFAT12XENIX rootXENIX usrSmall FAT16ExtendedFAT16NTFS/exFAT/UDFAIXAIX BootableOS/2 Boot ManagerFAT32FAT32 LBAFAT16 LBAExtended LBAOPUSHidden FAT12Compaq DiagnosticsHidden Small FAT16Hidden FAT16Hidden NTFSAST SmartSleepHidden FAT32Hidden FAT32 LBAHidden FAT16 LBAWindows Mobile XIPSpeedStorNEC DOSWindows Mobile IMGFSHidden NTFS WinREPlan 9PMagic RecoveryVenix 80286PPC PReP BootSFSQNX4.xOnTrack DMCP/MEZ DriveGolden BowPriam EDiskGNU HURD/SysVNetwareDiskSecure MultiBootPC/IXNovellXOSLF.I.X.AODPSMinixGNU/Linux SwapGNU/LinuxWindows HibernationGNU/Linux ExtendedNTFS Volume SetGNU/Linux PlaintextFreeDOS Hidden FAT12GNU/Linux LVMFreeDOS Hidden FAT16FreeDOS Hidden ExtendedGNU/Linux HiddenCHRP ISO-9660FreeDOS
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMware-Laufwerkserkennung"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "A detetar disco VMWare"
Source: rufus-3.14p.exeBinary or memory string: dimensione CORRETTA" t MSG_264 "Eliminazione cartella '%s'" t MSG_265 "Rilevamento disco VMWare" t MSG_266 "Modo duale UEFI/BIOS" t MSG_267 "Applicazione immagine Windows: %s" t MSG_268 "Applicazione immagine Windows..." t MSG_269 "Preserva data/ora" t
Source: Ruf5D27.tmp.0.drBinary or memory string: w VMWare"
Source: rufus-3.14p.exeBinary or memory string: VMware Coredump Partition
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare-levyn havaitseminen"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare-schijfdetectie"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Deteksi VMWare disk"
Source: rufus-3.14p.exeBinary or memory string: o NTFS" t MSG_261 "A criar imagem: %s" t MSG_262 "Suporte ISO" t MSG_263 "Usar unidade de tamanho APROPRIADO" t MSG_264 "A apagar pasta '%s'" t MSG_265 "A detetar disco VMWare" t MSG_266 "Modo duplo UEFI/BIOS" t MSG_267 "Aplicar imagem Windows: %s" t M
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Detectare disc VMWare"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk detection"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMware lemez
Source: Ruf5D27.tmp.0.drBinary or memory string: tection de disque VMWare"
Source: Ruf5D27.tmp.0.drBinary or memory string: o de disco VMWare"
Source: rufus-3.14p.exeBinary or memory string: VMware Reserved Partition
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare detekce disk"
Source: Ruf5D27.tmp.0.drBinary or memory string: vanie VMWare disku"
Source: rufus-3.14p.exeBinary or memory string: " t MSG_264 " '%s'" t MSG_265 " VMWare" t MSG_266 "
Source: rufus-3.14p.exeBinary or memory string: t MSG_260 "NTFS " t MSG_261 ": %s" t MSG_262 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare " t MSG_266 "Dual
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Zaznavanje diskov VMware"
Source: rufus-3.14p.exe, 00000001.00000002.685067045.000000000157B000.00000004.00000040.sdmpBinary or memory string: VMWare disk detection
Source: rufus-3.14p.exeBinary or memory string: okongan Rock Ridge" t MSG_259 "Paksa kemas kini" t MSG_260 "Mampatan NTFS" t MSG_261 "Menulis imej: %s" t MSG_262 "Sokongan ISO" t MSG_263 "Guna saiz seunit yang BETUL" t MSG_264 "Memadam direktori '%s'" t MSG_265 "Pengesanan cakera VMWare" t MSG_266 "
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Pengesanan cakera VMWare"
Source: Ruf5D27.tmp.0.drBinary or memory string: a VMWare"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk detektering"
Source: rufus-3.14p.exeBinary or memory string: rrelsesenhet" t MSG_264 "Sletter mappe '%s'" t MSG_265 "VMWare-disk oppdagelse" t MSG_266 "Dobbel UEFI/BIOS-innstilling" t MSG_267 "Legger til Windows-bilde: %s" t MSG_268 "Legger til Windows-bilde..." t MSG_269 "Bevarer tidskode" t MSG_270 "USB-avkodin
Source: rufus-3.14p.exe, 00000000.00000002.928580187.00000000034E0000.00000004.00000001.sdmpBinary or memory string: VMWare disk detectionDx
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Rilevamento disco VMWare"
Source: rufus-3.14p.exeBinary or memory string: t MSG_263 "Gunakan unit ukuran PROPER" t MSG_264 "Menghapus direktori '%s'" t MSG_265 "Deteksi VMWare disk" t MSG_266 "Modus Dual UEFI/BIOS" t MSG_267 "Menerapkan image Windows: %s" t MSG_268 "Menerapkan image Windows..." t MSG_269 "Pertahankan timestamp
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare diskdetekteringen
Source: rufus-3.14p.exeBinary or memory string: VMware VMKCORE
Source: rufus-3.14p.exeBinary or memory string: : %s" t MSG_262 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare " t MSG_266 " UEFI/BIOS
Source: Ruf5D27.tmp.0.drBinary or memory string: n de discos VMWare"
Source: rufus-3.14p.exeBinary or memory string: VMware VMFS
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk alg
Source: rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpBinary or memory string: USBSTORRTSUERCMIUCREUCRUASPSTORVUSBSTORETRONSTORASUSSTPTSCSISDPCISTORRTSORJMCRJMCFRIMMPTSKRIMSPTSKRISDRIXDPTSKTI21SONYESD7SKESM7SKO2MDO2SDVIACR_SD__SDHC__MMC__MS__MSPro__xDPicture__O2Media_USBUSB 1.0USB 1.1USB 2.0USB 3.0USB 3.1Arsenal_________Virtual_KernSafeVirtual_________Msft____Virtual_Disk____VMware__VMware_Virtual_SYou must wait at least 10 seconds before trying to reset a deviceThe device you are trying to reset does not appear to be a USB device...Could not open %s: %sCycling port %d (reset) on %s Failed to cycle port: %sPlease wait for the device to re-appear...<NULL>Could not get classes for device cycling: %sCould not cycle device (D1): %sCould not cycle device (D2): %sCould not cycle device (E1): %sCould not cycle device (E2): %sCould not find a device to cycle!SetupDiGetClassDevs (Interface) failed: %sSetupDiGetDeviceRegistryProperty (Friendly Name) failed: %sGeneric Optical DriveFound '%s' optical deviceSetupDiEnumDeviceInterfaces failed: %sUnable to allocate data for SP_DEVICE_INTERFACE_DETAIL_DATASetupDiGetDeviceInterfaceDetail (dummy) failed: %sSetupDiGetDeviceInterfaceDetail (dummy) - no data was allocatedSetupDiGetDeviceInterfaceDetail (actual) failed: %s[ID][GP])UAS (disk from which Rufus is runningsystem disk
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare-disk oppdagelse"
Source: rufus-3.14p.exeBinary or memory string: w VMWare" t MSG_266 "Tryb dual UEFI/BIOS" t MSG_267 "Zastosowywanie obrazu Windows: %s" t MSG_268 "Zastosowywanie obrazu Windows..." t MSG_269 "Zachowaj znaczniki czasu" t MSG_270 "Debugowanie USB" t MSG_271 "Obliczanie sum kontrolnych obrazu: %s" t MSG
Source: Ruf5D27.tmp.0.drBinary or memory string: VMWare"
Source: Ruf5D27.tmp.0.drBinary or memory string: VMWare
Source: rufus-3.14p.exeBinary or memory string: t MSG_261 "Image schrijven: %s" t MSG_262 "ISO-ondersteuning" t MSG_263 "JUISTE grootte-eenheden gebruiken" t MSG_264 "Map '%s' verwijderen" t MSG_265 "VMWare-schijfdetectie" t MSG_266 "Dubbele UEFI/BIOS-modus" t MSG_267 "Windows-image toepassen: %s"
Source: rufus-3.14p.exeBinary or memory string: sche Ordner '%s'" t MSG_265 "VMware-Laufwerkserkennung" t MSG_266 "Dualer UEFI/BIOS-Modus" t MSG_267 "Windows-Abbild aufspielen: %s" t MSG_268 "Windows-Abbild aufspielen..." t MSG_269 "Zeitstempel bewahren" t MSG_270 "USB-Testmodus" t MSG_271 "Berechne
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Otkrivanje VMware diska"
Source: Ruf5D27.tmp.0.drBinary or memory string: enje VMWare diska"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare disko aptikimas"
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "Noteikts VMWare disks"
Source: rufus-3.14p.exeBinary or memory string: t MSG_260 "NTFS compression" t MSG_261 "Writing image: %s" t MSG_262 "ISO Support" t MSG_263 "Use PROPER size units" t MSG_264 "Deleting directory '%s'" t MSG_265 "VMWare disk detection" t MSG_266 "Dual UEFI/BIOS mode" t MSG_267 "Applying Windows image
Source: rufus-3.14p.exeBinary or memory string: ttelse" t MSG_263 "MiB notation" t MSG_264 "Sletter mappen '%s'" t MSG_265 "VMWare disk detektering" t MSG_267 "Anvender Windows-image: %s" t MSG_268 "Anvender Windows-image..." t MSG_269 "Bevar tidsstempler" t MSG_271 "Beregner imagechecksumme: %s" t
Source: rufus-3.14p.exeBinary or memory string: VMware VMFS Partition
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D114F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\rufus-3.14p.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D111B3 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,_amsg_exit,_initterm,_cexit,exit,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 1_2_00D111B3 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,_amsg_exit,_initterm,_cexit,exit,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D4C230 GetCurrentProcess,OpenProcessToken,GetTokenInformation,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,CloseHandle,
Source: rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmpBinary or memory string: Program Manager
Source: rufus-3.14p.exe, 00000000.00000002.928121172.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: rufus-3.14p.exe, 00000000.00000002.928121172.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Progman
Source: rufus-3.14p.exe, 00000000.00000002.928121172.0000000001B90000.00000002.00000001.sdmpBinary or memory string: Progmanlock
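Added example (not part of the report and not Rufus code): a parser for the flattened "Source: ...<label>: ..." rows above, plus a triage pass over every row that mentions VMware. Grouped by evidence type, all of the VMware hits in this section are memory strings (GPT partition-type names such as "VMware VMFS Partition", the localized option label MSG_265 "VMWare disk detection", and one entry in a table of storage-device vendor strings) rather than API-level checks for a hypervisor, which is the distinction a practitioner needs before treating them as sandbox evasion. The field labels are the ones that appear on this page; the category heuristics in classify_vm_hit() are my own, and the sample rows are copied from the report above.

```python
import re
from collections import Counter

# Field labels seen on the flattened rows of this report (longest-first ordering is not needed:
# the labels are distinct and each row carries exactly one of them).
KINDS = [
    "Code function", "Static PE information", "File created",
    "Registry key monitored for changes", "Section loaded",
    "Dropped PE file which has not been started", "Evasive API call chain",
    "Check user administrative privileges", "API coverage",
    "Binary or memory string", "Process token adjusted",
]
ROW_RE = re.compile(
    r"^Source:\s*(?P<source>.*?)\s*(?P<kind>" + "|".join(map(re.escape, KINDS)) + r"):\s*(?P<value>.*)$"
)
LINK_RESIDUE = ("Jump to dropped file",)   # link text the page export glues onto the value

def parse_row(line):
    """Split one exported row into source, evidence kind and value; None if it is not a row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    value = m.group("value")
    for residue in LINK_RESIDUE:
        if value.endswith(residue):
            value = value[: -len(residue)].rstrip()
    return {"source": m.group("source"), "kind": m.group("kind"), "value": value}

def classify_vm_hit(row):
    """Label a row that mentions VMware by what the evidence actually is (heuristic, mine)."""
    v = row["value"]
    if "vmware" not in v.lower():
        return None
    if row["kind"] != "Binary or memory string":
        return "behavioural"            # an API chain or code function: look at it properly
    if "MSG_" in v:
        return "ui-label"               # entry from a localized message table
    if v.rstrip().endswith("Partition") or "VMFS" in v or "VMKCORE" in v:
        return "partition-type-name"    # GPT / VMware partition type names
    if "Virtual_" in v:
        return "device-id-table"        # sits beside other vendor/product strings in the dump
    return "string-other"

def triage(lines):
    """Parse all rows and count the VMware hits per category."""
    rows = [r for r in map(parse_row, lines) if r is not None]
    counts = Counter(c for c in (classify_vm_hit(r) for r in rows) if c)
    return rows, dict(counts)

# Sample rows copied from the report above (the trailing link text on the dropped-file row
# is exactly how the page export renders it).
SAMPLE_LINES = r"""
Source: rufus-3.14p.exeBinary or memory string: VMware__VMware_Virtual_S
Source: rufus-3.14p.exeBinary or memory string: VMware Coredump Partition
Source: Ruf5D27.tmp.0.drBinary or memory string: t MSG_265 "VMWare disk detection"
Source: rufus-3.14p.exe, 00000001.00000002.685067045.000000000157B000.00000004.00000040.sdmpBinary or memory string: VMWare disk detection
Source: C:\Users\user\Desktop\rufus-3.14p.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\rufus-3.14p.exeDropped PE file which has not been started: C:\Users\user\Desktop\rufus.comJump to dropped file
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: 0_2_00D114F0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,
""".strip().splitlines()

if __name__ == "__main__":
    rows, counts = triage(SAMPLE_LINES)
    for r in rows:
        print(f"{r['kind']:42s} {classify_vm_hit(r) or '-':20s} {r['value'][:60]}")
    print(counts)
```

Anything that lands in the "behavioural" bucket deserves a look at the function; the string buckets only tell you the program knows VMware disks and partitions exist.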
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetKeyboardLayoutNameA,sscanf,GetSystemDefaultLangID,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fprintf,fputs,fclose,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fputs,fprintf,fprintf,fprintf,fputs,fclose,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exeCode function: GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,
Source: C:\Users\user\Desktop\rufus-3.14p.exe Code function: GetKeyboardLayoutNameA,sscanf,GetSystemDefaultLangID,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fprintf,fputs,fclose,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fputs,fprintf,fprintf,fprintf,fputs,fclose
Source: C:\Users\user\Desktop\rufus-3.14p.exe Code function: 0_2_00D19332 strstr,_strnicmp,strlen,strlen,strstr,strlen,strstr,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,strlen,strlen,strlen,strlen,??3@YAXPAX@Z,SetupDiEnumDeviceInterfaces,GetLastError
Source: C:\Users\user\Desktop\rufus-3.14p.exe Code function: 0_2_00D33C45 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,Sleep,GetVersionExA,InternetCrackUrlA,_snprintf,InternetConnectA,??3@YAXPAX@Z,??3@YAXPAX@Z,_snprintf,strlen,HttpOpenRequestA,HttpSendRequestA,HttpQueryInfoA,InternetCloseHandle,HttpQueryInfoA,SystemTimeToFileTime,_snprintf,HttpQueryInfoA,calloc,InternetReadFile,_snprintf,??3@YAXPAX@Z,??3@YAXPAX@Z,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,Sleep,PostMessageW,RtlExitUserThread,_strtoi64,??3@YAXPAX@Z,_snprintf,GetSystemTime,SystemTimeToFileTime
Source: C:\Users\user\Desktop\rufus-3.14p.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Modifies Group Policy settings
Source: C:\Users\user\Desktop\rufus-3.14p.exe File written: C:\Windows\System32\GroupPolicy\GPT.INI

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Replication Through Removable Media11 | Command and Scripting Interpreter2 | LSASS Driver1 | Process Injection2 | Masquerading111 | OS Credential Dumping | System Time Discovery1 | Replication Through Removable Media11 | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact1
Default Accounts | Native API2 | Boot or Logon Initialization Scripts | LSASS Driver1 | Virtualization/Sandbox Evasion1 | LSASS Memory | Query Registry2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools1 | Security Account Manager | Security Software Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection2 | NTDS | Virtualization/Sandbox Evasion1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol2 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | Process Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information21 | Cached Domain Credentials | Peripheral Device Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing11 | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery24 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 420143, Sample: rufus-3.14p.exe, Start date: 21/05/2021, Architecture: WINDOWS, Score: 42

  • Processes: rufus-3.14p.exe (two instances started from the start node)
  • DNS/IP: github.com 140.82.121.3, 443, 49746 (GITHUBUS, United States); github-releases.githubusercontent.com 185.199.109.154, 443, 49748 (FASTLYUS, Netherlands); rufus.ie 185.199.110.153, 443, 49745 (FASTLYUS, Netherlands)
  • Dropped files: C:\Users\user\Desktop\rufus.com (PE32); C:\Windows\System32\GroupPolicy\GPT.INI (ASCII)
  • Signatures: Changes autostart functionality of drives; Drops PE files with a suspicious file extension; Modifies Group Policy settings; Tries to delay execution (extensive OutputDebugStringW loop)

Source | Detection | Scanner
--- | --- | ---
rufus-3.14p.exe | 0% | Metadefender
rufus-3.14p.exe | 0% | ReversingLabs

Source | Detection | Scanner
--- | --- | ---
C:\Users\user\Desktop\rufus.com | 2% | Metadefender
C:\Users\user\Desktop\rufus.com | 0% | ReversingLabs

No Antivirus matches
Source | Detection | Scanner | Label
--- | --- | --- | ---
https://kolibrios.org/ | 0% | Avira URL Cloud | safe
https://rufus.ie). | 0% | Avira URL Cloud | safe
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING: | 0% | Avira URL Cloud | safe
https://rufus.ie/Fido.ver | 0% | Avira URL Cloud | safe
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm | 0% | Avira URL Cloud | safe
http://cacerts.di | 0% | Avira URL Cloud | safe
https://rufus.ie/CheckForBetashttps://rufus.ieUsing | 0% | Avira URL Cloud | safe
https://rufus.ie/ | 0% | Avira URL Cloud | safe
https://rufus.ie | 0% | Avira URL Cloud | safe
http://halamix2.pl | 0% | Avira URL Cloud | safe
https://rufus.ie/files | 0% | Avira URL Cloud | safe
https://axialis.com/ | 0% | Avira URL Cloud | safe
https://syslinux.org/ | 0% | Avira URL Cloud | safe
https://rufus.ie/files%s/%s-%s/%sGrub2%s | 0% | Avira URL Cloud | safe
https://rufus.ie321Failed | 0% | Avira URL Cloud | safe
https://www.7-zip.orgopenESP2.04rufus_filescore.imggrub%s-%s/%srbWill | 0% | Avira URL Cloud | safe
https://github-releases.githubusercontent.com/165325376/fafe6000-62a6-11eb-97b7-11f2cc17770a?X-Amz-A | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
--- | --- | --- | --- | --- | ---
github.com | 140.82.121.3 | true | false | | high
rufus.ie | 185.199.110.153 | true | false | | unknown
github-releases.githubusercontent.com | 185.199.109.154 | true | false | | unknown
                                                                    https://www.freedos.org/rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                      high
                                                                      https://github.com/pbatard/bledrufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                        high
                                                                        https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txtrufus-3.14p.exe, rufus-3.14p.exe, 00000000.00000002.927433503.0000000000E1B000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684579001.0000000000E24000.00000040.00020000.sdmpfalse
                                                                          high
                                                                          https://syslinux.org/rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://rufus.ie/files%s/%s-%s/%sGrub2%srufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://github.com/pbatard/Fido/releases/download/v1.18/Fido.ps1.lzmarufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.928087831.000000000198B000.00000004.00000040.sdmp, Fido[1].ver.0.drfalse
                                                                            high
                                                                            https://www.codeguru.com/forum/showthread.php?p=1951973rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                              high
                                                                              https://rufus.ie321Failedrufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exerufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.928087831.000000000198B000.00000004.00000040.sdmp, Rufus_win[1].ver.0.drfalse
                                                                                high
                                                                                https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exedownload_url_armrufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmpfalse
                                                                                  high
                                                                                  https://www.7-zip.orgopenESP2.04rufus_filescore.imggrub%s-%s/%srbWillrufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  low
                                                                                  https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFSrufus-3.14p.exefalse
                                                                                    high
                                                                                    https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm.exedownload_url_arm64rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      https://github.com/pbatard/uefi-ntfs.rufus-3.14p.exe, 00000000.00000002.927627582.0000000000FCA000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684900502.0000000000FCA000.00000040.00020000.sdmpfalse
                                                                                        high
                                                                                        https://github.com/pbatard/Fidorufus-3.14p.exefalse
                                                                                          high
                                                                                          https://github.com/chenall/grub4dosrufus-3.14p.exe, 00000000.00000002.927385472.0000000000D98000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                                            high
                                                                                            https://github.com/Chocobo1rufus-3.14p.exe, 00000000.00000002.927466326.0000000000E37000.00000040.00020000.sdmp, rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmp, Ruf5D27.tmp.0.drfalse
                                                                                              high
                                                                                              http://fsf.org/rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                                                high
                                                                                                http://freedos.sourceforge.net/freecomrufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684603529.0000000000E37000.00000040.00020000.sdmpfalse
                                                                                                  high
                                                                                                  https://7-zip.org/rufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                                                    high
                                                                                                    https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1rufus-3.14p.exe, 00000000.00000002.928591606.00000000034E8000.00000004.00000001.sdmp, Fido[1].ver.0.drfalse
                                                                                                      high
                                                                                                      https://goo.gl/QTobxX.rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.gnu.org/software/libcdiorufus-3.14p.exe, rufus-3.14p.exe, 00000001.00000002.684516397.0000000000D98000.00000040.00020000.sdmpfalse
                                                                                                          high
                                                                                                          https://api.github.com/_private/browser/errorsrufus-3.14p.exe, 00000000.00000003.926898680.0000000007A22000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000003.693919903.0000000007A42000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            https://github-releases.githubusercontent.com/165325376/fafe6000-62a6-11eb-97b7-11f2cc17770a?X-Amz-Arufus-3.14p.exe, 00000000.00000003.693919903.0000000007A42000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.941100440.0000000007A1B000.00000004.00000001.sdmp, rufus-3.14p.exe, 00000000.00000002.941062881.0000000007A10000.00000004.00000001.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
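The strings in the table above were lifted from process memory and dropped files, and the way several of them are cut shows that the extractor does not honour literal boundaries: adjacent literals run together (https://rufus.ie followed by Using or 321Failed, the release URL followed by the JSON key download_url_arm from the version file), a printf template such as https://rufus.ie/files%s/%s-%s/%sGrub2%s is listed as if it were an address, and long strings are clipped (http://cacerts.di, the pre-signed githubusercontent URL ending in ?X-Amz-A). Only a handful of rows name a host the process could actually have contacted. What follows is an added example, not part of the report and not Rufus code: a Python triage pass over a constructed subset of those strings that splits glued literals at each embedded scheme, rejects hosts whose labels cannot be hostnames, tags format templates and clipped query strings, and returns the hosts worth resolving, pivoting on or blocking. The heuristics (mixed case, an underscore or a digit-only TLD in a host label read as run-on; a final query field without "=" read as truncation) are assumptions made here, not rules the sandbox applies.

```python
import re
from urllib.parse import urlsplit

# Constructed input: a subset of the strings in the URL table, copied verbatim.
SAMPLE_ROWS = [
    "https://www.7-zip.org",
    "https://rufus.ie/CheckForBetashttps://rufus.ieUsing",
    "https://rufus.ie/files%s/%s-%s/%sGrub2%s",
    "https://rufus.ie321Failed",
    "https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exedownload_url_arm",
    "https://goo.gl/QTobxX.;",
    "https://www.7-zip.orgopenESP2.04rufus_filescore.imggrub%s-%s/%srbWill",
    "https://github-releases.githubusercontent.com/165325376/fafe6000-62a6-11eb-97b7-11f2cc17770a?X-Amz-A",
]

SCHEME_RE = re.compile(r"https?://")
# printf conversion specifications. A percent-encoded "%2d" inside a genuine query
# would also match, so "template" is a prompt to read the string, not a verdict.
FORMAT_SPEC_RE = re.compile(r"%[-+ 0#]*\d*(?:\.\d+)?[diouxXeEfgGcs]")
# Hostname label as the literals in this binary spell them: lowercase letters, digits,
# inner hyphens. Anything else inside a label is taken (assumption) to mean the
# extractor ran on into the next literal.
HOST_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")
TRAILING_PUNCT = ".;,)"  # punctuation that belongs to the surrounding sentence literal


def split_glued(raw):
    """Split a captured string at every embedded scheme so glued literals become separate pieces."""
    starts = [m.start() for m in SCHEME_RE.finditer(raw)]
    ends = starts[1:] + [len(raw)]
    return [raw[a:b].rstrip(TRAILING_PUNCT) for a, b in zip(starts, ends)]


def host_is_plausible(netloc):
    """True when every label is a valid hostname label and the TLD is purely alphabetic."""
    labels = netloc.split(".")
    if len(labels) < 2 or not all(HOST_LABEL_RE.match(label) for label in labels):
        return False
    return labels[-1].isalpha()


def classify(piece):
    """Tag one URL-looking fragment: url, template, truncated or run-on host."""
    parts = urlsplit(piece)
    if not host_is_plausible(parts.netloc):
        return "run-on host"
    if FORMAT_SPEC_RE.search(piece):
        return "template"
    # A pre-signed URL clipped inside a parameter name leaves a last query field with no "=".
    if parts.query and "=" not in parts.query.split("&")[-1]:
        return "truncated"
    return "url"


def triage(rows):
    """Map each raw extracted string to its list of (piece, tag)."""
    return {raw: [(p, classify(p)) for p in split_glued(raw)] for raw in rows}


def destinations(rows):
    """Hosts whose name survived extraction intact: the ones worth resolving, pivoting on or blocking."""
    return {
        urlsplit(piece).netloc
        for pieces in triage(rows).values()
        for piece, tag in pieces
        if tag != "run-on host"
    }


if __name__ == "__main__":
    for raw, pieces in triage(SAMPLE_ROWS).items():
        for piece, tag in pieces:
            print(f"{tag:12} {piece}")
    print("hosts:", sorted(destinations(SAMPLE_ROWS)))
```

Run on the constructed rows, the pass reduces eight "URLs" to five hosts (www.7-zip.org, rufus.ie, github.com, goo.gl, github-releases.githubusercontent.com), which matches the three addresses the sandbox actually saw contacted plus two hosts that exist only as literals. A run-on that happens after the path, such as the release URL followed by download_url_arm, still passes as "url"; the host is nevertheless correct, which is what matters for network triage, so the path of such rows is left for a human to read.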
Legend of the per-country IP map: No. of IPs < 25% | 25% < No. of IPs < 50% | 50% < No. of IPs < 75% | 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
140.82.121.3 | github.com | United States | 36459 | GITHUBUS | false
185.199.109.154 | github-releases.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
185.199.110.153 | rufus.ie | Netherlands | 54113 | FASTLYUS | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 420143
Start date: 21.05.2021
Start time: 23:37:47
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 35s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: rufus-3.14p.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal42.spre.evad.winEXE@2/11@3/3
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 8.1% (good quality ratio 0.8%)
• Quality average: 4.6%
• Quality standard deviation: 12.1%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 52.184.81.210, 104.42.151.234, 13.64.90.137, 92.122.145.220, 20.82.210.154, 40.127.240.158, 52.155.217.156, 20.54.26.129, 92.122.213.194, 92.122.213.247
• Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, settings-win.data.microsoft.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, iris-de-prod-azsc-eas-b.eastasia.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, settingsfd-geo.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/420143/sample/rufus-3.14p.exe
No simulations

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
(For every row below the SHA 256 cell is a "Get hash" link, Detection is "malicious", Link is "Browse" and Context is empty.)

Match: 140.82.121.3
Secured fILE.js
INVOICE NO 070FT06.exe
Quoataion.jar
Remittance-E-MAIL-Layout-11_.jar
Remittance-E-MAIL-Layout-11_.jar
Quotation.jar
Signed Contract.jar
IMG_0124.jar
Signed Contract.jar
IMG_0124.jar
XPBPS2DL.exe
ATTACHED DRAWING AND SPECIFICATION.jar
Passport_ID_jpg.jar
shipment documents.jar
Ningbo-Bank Details.exe.exe
Signed Contract.jar
Remittance E-MAIL Layout - 10_.jar
F14 PO pdf.jar
F14 PO pdf.jar
Remittance E-MAIL Layout - 10_.jar

Match: 185.199.109.154
ATTACHED DRAWING AND SPECIFICATION.jar
ATTACHED DRAWING AND SPECIFICATION.jar
Remittance E-MAIL Layout - 10_.jar
BANK DETAILS.jar
Bank payment copy.jar
Bank payment copy.jar
PL-REM-40310EMEA02 (0085).jar
DHL Notification.jar
EPC Works for AMAALA AIRFIELD PROJECT - WORK .jar
Payment Advice-BCS_ECS9522020090915390034_3159_952.jar
Purchase Order AMG 4530000463.jar
SecuriteInfo.com.Variant.Cerbu.95336.8410.exe
PO#5200668.jar
DHL SHIPPING DOCUMENT.jar
POM9433T-V_16-04-2021_pdf.zip.jar
Payment_Inv#0224-15-04-2021_pdf.jar
Telekom.jar
Pago 31 Mar 2021 at 2.15PP3343PDF.jar
ShowKeyPlus.exe
https://patrickphimr5.github.io/memoaideivozx/dsfriet.html?bbre=dxcfdgoiss
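The association tables tie the two GitHub-side addresses to dozens of malicious .jar and .exe uploads, and the rufus.ie domain to earlier Rufus releases that the same heuristics also tagged as malicious. Neither says anything about this sample: github.com (AS36459) and the Fastly-fronted releases host (AS54113) serve an enormous amount of unrelated traffic, so malware fetching its payload from GitHub is expected co-occurrence, not a link, and the Malicious column for all three addresses is accordingly "false". The following is an added example, not part of the report and not Joe Sandbox code: a Python routine that parses association rows in the flattened form they take when the report is copied as text (a row opens with the match key, a following "• ip" line is the previous row's Context cell), then weighs each indicator against the ASN data from the IP table and against the analysed sample's own name. The rows are a constructed subset of the ones above; the allowlist of shared-infrastructure ASNs is an analyst assumption, not something the report states.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed input: a subset of the association rows from the tables above, in the
# "<match key><sample name>Get hash<verdict>Browse" form the report takes when copied
# as text. The SHA 256 cell is only a "Get hash" link in that copy and is not modelled.
ASSOC_TEXT = """\
140.82.121.3Secured fILE.jsGet hashmaliciousBrowse
INVOICE NO 070FT06.exeGet hashmaliciousBrowse
Quoataion.jarGet hashmaliciousBrowse
Signed Contract.jarGet hashmaliciousBrowse
XPBPS2DL.exeGet hashmaliciousBrowse
185.199.109.154ATTACHED DRAWING AND SPECIFICATION.jarGet hashmaliciousBrowse
DHL Notification.jarGet hashmaliciousBrowse
ShowKeyPlus.exeGet hashmaliciousBrowse
rufus.ierufus-3.13.exeGet hashmaliciousBrowse
• 185.199.108.153
rufus_3-4_fr_430321.exeGet hashmaliciousBrowse
• 185.199.110.153
rufus-portable-v3.10.exeGet hashmaliciousBrowse
• 185.199.111.153
"""

# From the IP table above: domain, ASN and ASN name of each contacted address.
INFRA = {
    "140.82.121.3": ("github.com", 36459, "GITHUBUS"),
    "185.199.109.154": ("github-releases.githubusercontent.com", 54113, "FASTLYUS"),
    "185.199.110.153": ("rufus.ie", 54113, "FASTLYUS"),
}
# Assumed analyst allowlist: ASNs that carry large volumes of unrelated traffic
# (code hosting, CDN). The report does not state this; tune it for your environment.
SHARED_ASNS = {36459: "GitHub", 54113: "Fastly"}

ROW_RE = re.compile(r"^(?P<name>.+?)Get hash(?P<verdict>malicious|suspicious|clean)Browse$")
CONTEXT_RE = re.compile(r"^•\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_associations(text, match_keys):
    """Group rows as {match key: [{name, verdict, context}]}; a known key prefix opens a group."""
    groups = defaultdict(list)
    current = None
    keys = sorted(match_keys, key=len, reverse=True)  # longest prefix wins
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ctx = CONTEXT_RE.match(line)
        if ctx:
            if current is None:
                raise ValueError("context line before any row: " + line)
            groups[current][-1]["context"].append(ctx.group("ip"))
            continue
        for key in keys:
            if line.startswith(key):
                current, line = key, line[len(key):]
                break
        if current is None:
            raise ValueError("row before any match key: " + line)
        m = ROW_RE.match(line)
        if not m:
            raise ValueError("unparsed row: " + line)
        groups[current].append({"name": m.group("name"), "verdict": m.group("verdict"), "context": []})
    return dict(groups)


def stem(name):
    """Leading token of a sample name, used to spot other releases of the same tool."""
    return re.split(r"[-_ .]", name, maxsplit=1)[0].lower()


def extension(name):
    if name.startswith(("http://", "https://")):
        return "url"
    m = re.search(r"\.([A-Za-z0-9]+)$", name)
    return m.group(1).lower() if m else ""


@dataclass
class Assessment:
    key: str
    domain: str
    asn: int
    associated: int
    extensions: dict
    related_releases: list
    weight: str
    reasons: list


def assess(key, rows, analysed_sample):
    """Weigh one indicator: what does its co-occurrence with other malware say about this sample?"""
    hit = INFRA.get(key) or next((v for v in INFRA.values() if v[0] == key), None)
    if hit is None:
        raise KeyError("no infrastructure record for " + key)
    domain, asn, asn_name = hit
    names = [r["name"] for r in rows]
    related = [n for n in names if stem(n) == stem(analysed_sample)]
    reasons = []
    if asn in SHARED_ASNS:
        reasons.append(f"{asn_name} (AS{asn}) is shared {SHARED_ASNS[asn]} infrastructure; "
                       "malware fetches from it as much as anything else does")
    if related and len(related) == len(names):
        reasons.append("every associated sample is another release of the same tool, tagged by the same heuristics")
    weight = "weak" if reasons else "review"
    return Assessment(key, domain, asn, len(names), dict(Counter(extension(n) for n in names)), related, weight, reasons)


if __name__ == "__main__":
    groups = parse_associations(ASSOC_TEXT, set(INFRA) | {"rufus.ie"})
    for key, rows in groups.items():
        a = assess(key, rows, "rufus-3.14p.exe")
        print(f"{a.key:16} {a.weight:6} n={a.associated} {a.extensions} {'; '.join(a.reasons)}")
```

Both GitHub-side addresses come out "weak" on the ASN rule alone; rufus.ie is "weak" twice over, because every sample it has been seen with is an earlier Rufus build. An indicator that is neither on a shared ASN nor tied to the same tool's releases gets "review", which is where the associated samples themselves become worth pivoting on.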
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
(For every row below the SHA 256 cell is a "Get hash" link, Detection is "malicious" and Link is "Browse"; Context is the IP the sample resolved the domain to.)

Match: rufus.ie
Associated Sample Name / URL | Context
rufus-3.13.exe | 185.199.108.153
rufus_3-4_fr_430321.exe | 185.199.110.153
rufus-3.13.exe | 185.199.109.153
rufus_3-4_fr_430321.exe | 185.199.109.153
rufus-3.13.exe | 185.199.111.153
rufus-3.11.exe | 185.199.109.153
rufus-3.4p.exe | 185.199.111.153
rufus-portable-v3.10.exe | 185.199.111.153
rufus-portable-v3.9.exe | 185.199.111.153
rufus-3.9.exe | 185.199.108.153
                                                                                                                                                                                            rufus-3.9.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.109.153
                                                                                                                                                                                            https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.153
                                                                                                                                                                                            rufus-3.9.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.111.153
                                                                                                                                                                                            rufus-3.3p.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 192.159.65.198
                                                                                                                                                                                            http://rufus.akeo.ie/downloads/rufus-3.3.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 192.159.65.198
                                                                                                                                                                                            rufus-3.5.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.153
                                                                                                                                                                                            rufus-usb-3-3.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.111.153
                                                                                                                                                                                            rufus-3.5.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.109.153
                                                                                                                                                                                            rufus-3.5.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.153
                                                                                                                                                                                            github.comPayment Advice Note from 05202021.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Payment Advice Note from 05202021.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Secured fILE.jsGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            INVOICE NO 070FT06.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            VertiPaq Analyzer 2.02.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.5
                                                                                                                                                                                            VertiPaq Analyzer 2.02.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.6
                                                                                                                                                                                            Quoataion.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Remittance-E-MAIL-Layout-11_.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Remittance-E-MAIL-Layout-11_.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Quotation.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Quotation.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Signed Contract.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            IMG_0124.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Signed Contract.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            IMG_0124.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            XPBPS2DL.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Quotation.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Quotation.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            ATTACHED DRAWING AND SPECIFICATION.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                            FASTLYUSf9be348e_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.154
                                                                                                                                                                                            2078a047_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            Payment Advice Note from 05202021.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.154
                                                                                                                                                                                            Payment Advice Note from 05202021.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.154
                                                                                                                                                                                            f8d8164d_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            f8d8164d_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            0085b9f4536d96dafb67cb2293662f607266ae5da53d3.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            be584e9b_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            442a6930_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            442a6930_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            #Ud83d#Udcde(801) 451.htmGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.65.195
                                                                                                                                                                                            4ce7ca7a_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            4ce7ca7a_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            Secured fILE.jsGet hashmaliciousBrowse
                                                                                                                                                                                            • 185.199.108.154
                                                                                                                                                                                            tUCoHhXo.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            tUCoHhXo.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            0e12ea4a_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            0e12ea4a_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            c78db2c6_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            44329,6550195602.dllGet hashmaliciousBrowse
                                                                                                                                                                                            • 151.101.1.44
                                                                                                                                                                                            GITHUBUSf9be348e_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Payment Advice Note from 05202021.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Payment Advice Note from 05202021.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Secured fILE.jsGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            INVOICE NO 070FT06.exeGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            VertiPaq Analyzer 2.02.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.5
                                                                                                                                                                                            VertiPaq Analyzer 2.02.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.6
                                                                                                                                                                                            Quoataion.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Remittance-E-MAIL-Layout-11_.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Remittance-E-MAIL-Layout-11_.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Quotation.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.4
                                                                                                                                                                                            Quotation.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Signed Contract.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            IMG_0124.jarGet hashmaliciousBrowse
                                                                                                                                                                                            • 140.82.121.3
                                                                                                                                                                                            Signed Contract.jarGet hashmaliciousBrowse
• 140.82.121.3
IMG_0124.jar | malicious | 140.82.121.3
XPBPS2DL.exe | malicious | 140.82.121.4
Quotation.jar | malicious | 140.82.121.4
Quotation.jar | malicious | 140.82.121.4
ATTACHED DRAWING AND SPECIFICATION.jar | malicious | 140.82.121.4

Match | Associated Sample Name / URL | Detection | Context
6271f898ce5be7dd52b0fc260d0662b3 | rufus-3.13.exe | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | rufus-3.13.exe | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | rufus-3.13.exe | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | rufus-3.11.exe | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | filecoach[1].exe | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | Invoice_no.-9fwd7-xy0c5zge.pdf | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | Invoice_no.-9fwd7-xy0c5zge.pdf | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | Incoming_Fax-Kknsy vkomlus2.pdf | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | New Fax 8elrb bq7txtl4.pdf | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153
 | https://val.filesconverterpro.com/js/FilesConverterProApp.exe | malicious | 140.82.121.3, 185.199.109.154, 185.199.110.153

Match | Associated Sample Name / URL | Detection | Context
C:\Users\user\Desktop\rufus.com | rufus-3.13.exe | malicious |
 | rufus_3-4_fr_430321.exe | malicious |
 | rufus-3.13.exe | malicious |
 | rufus_3-4_fr_430321.exe | malicious |
 | rufus-3.13.exe | malicious |
 | rufus-2.9.exe | malicious |
 | rufus-3.11.exe | malicious |
 | rufus-3.4p.exe | malicious |
 | rufus-portable-v3.10.exe | malicious |
 | rufus-portable-v3.9.exe | malicious |
 | rufus-3.9.exe | malicious |
 | rufus-3.9.exe | malicious |
 | https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exe | malicious |
 | rufus-3.9.exe | malicious |
 | rufus-3.5.exe | malicious |
 | rufus-usb-3-3.exe | malicious |
 | rufus-3.5.exe | malicious |
 | rufus-3.5.exe | malicious |
 | Rufus 2.10.exe | malicious |

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Fido[1].ver
Process:C:\Users\user\Desktop\rufus-3.14p.exe
File Type:ASCII text
Category:dropped
Size (bytes):145
Entropy (8bit):4.553719870222819
Encrypted:false
SSDEEP:3:zNeFEdlHgHMkCmE3K75Lv0FEdlHgHMkCmNKw8pn:U2sssE3K75LM2sssA
MD5:21B6181F364A6F67D6F0B2749775D760
SHA1:47ECAD418DC2AFC7AC43FCD2C20DDF2837496ABF
SHA-256:8D475BE0934C0C7AAA00A441FC9FB6A5040D56AD5F21EC685CF483654D0151AF
SHA-512:009F965D8D336A0B008DDB9B85AF663D760741638199EEABB12AF76AF443A2D7A0A16BC46E1B72033E5DE9B94131B76646A5B874F0E62CAB1F041EE7735DB14C
Malicious:false
Reputation:low
Preview: z1 = https://github.com/pbatard/Fido/releases/download/v1.18/Fido.ps1.lzma.v1 = https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Rufus_win.ver[1].sig
Process:C:\Users\user\Desktop\rufus-3.14p.exe
File Type:data
Category:dropped
Size (bytes):256
Entropy (8bit):7.163857935602921
Encrypted:false
SSDEEP:6:t0nc7zQIYmRwL+ARhBSSRdtq4jad4NAMpdC9TuxmLmR3EST:t0nwQWRZARnBTja8AMW9qxOmRFT
MD5:585BD296C1B00D93481BC60597F45574
SHA1:6FC387F8E6B2AE98C13A92F8D17A448DD03666A5
SHA-256:1788F672181B8D45EED3BE00F39CDE88F2633B60B986DA21E4E5A4D4DE2CF6F8
SHA-512:08F4242DCB4E5D9BCED0B280FF49F2C91A240DD7507BE29F8687E81280C2E9AD0514D0F2DCF1D03574100F71EFEC4D3D2B7532FB39915ED02244DED31B8664D2
Malicious:false
Reputation:low
Preview: Y......[..Q.U)x.......W.*.4...:.]lA2.j..k.C/.ns...m.k.tq..E....yQ.......?..^...?.>....W...{hk.).a<b.TTX{.v! ..m...b"c...Md4..].hCZ73...H.....34.............q._?..h.DC.............K.....L}........1.....#....u.*.t.u.~Q..i.A.z&y0._.......N...x.:@.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Rufus_win[1].ver
Process:C:\Users\user\Desktop\rufus-3.14p.exe
File Type:ASCII text
Category:dropped
Size (bytes):1398
Entropy (8bit):5.187790638188705
Encrypted:false
SSDEEP:24:EzP/wnc3CBn6nTUvaUp1mdcD77HIv9pU1vTyLW3ZqCIfNBno:1UCBnQIvaUfm+/E9aTyLMMCKBno
MD5:842CD37EA696B0772076094C3A51FBDE
SHA1:2F7034AC577BD6FE0A49247393A6296E99C500D2
SHA-256:C94054DE1DEE681D0D9124B0ADCC0FDAC8182CF609D1613CAD5A68F6A1EDAC8E
SHA-512:41F6CBD6E3354BF017565D0EC875ECD46C2C12FFB28AB00F4D6543765651D11767FF91BBBE2596B2077EC0CF71EAB9E8B789A9D434ABC09A6C5C770736B1E90F
Malicious:false
Reputation:low
Preview: version = 3.14.1788.platform_min = 6.1.download_url = https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14.exe.download_url_arm = https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm.exe.download_url_arm64 = https://github.com/pbatard/rufus/releases/download/v3.14/rufus-3.14_arm64.exe.release_notes = {\rtf1\fbidis\ansi\ansicpg1252\deff0\deflang1024{\fonttbl{\f0\fnil\fcharset0 Courier New;}{\f1\fnil\fcharset0 Arial Unicode MS;}{\f2\fnil\fcharset2 Symbol;}}..\pard\ltrpar\sl276\slmult1\b\f0\fs22\lang9\tab Rufus 3.14 (2021.04.30)\b0\par\par..\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent0{\pntxtb\'B7}}\ltrpar\fi-360\li720\sl276\slmult1\fs16 Improve DD write speed (uncompressed images only)\par.{\pntext\f2\'B7\tab}Improve checksum computation speed\par.{\pntext\f2\'B7\tab}Improve network connectivity detection\par.{\pntext\f2\'B7\tab}Only prompt for additional GRUB/Syslinux downloads when not writing in DD mode\par.{\pntext\f2\'B7\tab}Fix potential

C:\Users\user\AppData\Local\Temp\Ruf5D27.tmp
Process:C:\Users\user\Desktop\rufus-3.14p.exe
File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1050378
Entropy (8bit):6.380412282872303
Encrypted:false
SSDEEP:12288:2leTptPtqLcM6Cb//I2AxptVv0SdPgYRFKzcoeFKFFs3ZDlu/IApsDsiHgzhLcS2:20XM6CsT90SRGzBeFKFFs3ZDlu0anqB
MD5:A5E75F38E202625661BAF5582912583F
SHA1:55D149D862D5A3542883E3706C0A9EE8434DC238
SHA-256:7A4FB90CE7332206F7F7E93055085BB55D5F27E42CE8DD84C5EC3873A0CB375D
SHA-512:8CF6BEC72B32881F105AD6F212B9C7E7392FD49BFEEB97A450E5D055DC75E4FF0B7EAEAD7E67A1A90A8741130B8E1E655E32A33B2AD7CD004F6A38E325F5B07A
Malicious:false
Reputation:low
Preview: # . v3.14 "ko-KR" "Korean (...)"..l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.14..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..
                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Ruf62F4.tmp
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):1050378
                                                                                                                                                                                                                                  Entropy (8bit):6.380412282872303
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12288:2leTptPtqLcM6Cb//I2AxptVv0SdPgYRFKzcoeFKFFs3ZDlu/IApsDsiHgzhLcS2:20XM6CsT90SRGzBeFKFFs3ZDlu0anqB
                                                                                                                                                                                                                                  MD5:A5E75F38E202625661BAF5582912583F
                                                                                                                                                                                                                                  SHA1:55D149D862D5A3542883E3706C0A9EE8434DC238
                                                                                                                                                                                                                                  SHA-256:7A4FB90CE7332206F7F7E93055085BB55D5F27E42CE8DD84C5EC3873A0CB375D
                                                                                                                                                                                                                                  SHA-512:8CF6BEC72B32881F105AD6F212B9C7E7392FD49BFEEB97A450E5D055DC75E4FF0B7EAEAD7E67A1A90A8741130B8E1E655E32A33B2AD7CD004F6A38E325F5B07A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                  Preview: # . v3.14 "ko-KR" "Korean (...)"..l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.14..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..
                                                                                                                                                                                                                                  C:\Users\user\Desktop\rufus.com
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):2048
                                                                                                                                                                                                                                  Entropy (8bit):2.0422279901230667
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:12:eFGSG1JCKJy2BstteOlJmU7SGZr4VzBpAOLBv:eFGSsi2aeOlIU7SGR4lBpAWBv
                                                                                                                                                                                                                                  MD5:D7E5D3A09EBFA04C5E2EB9BF6EC9947B
                                                                                                                                                                                                                                  SHA1:3D9EBBDDA068D39033AAE44001EFD8909919458C
                                                                                                                                                                                                                                  SHA-256:5F819F6EAE4B5845C082EDF14CB389AB9805BC3C17440F3B5398D4FDD0079FFE
                                                                                                                                                                                                                                  SHA-512:3D9B13233F1E1A08BEA071524B0B8430240224654A049284E97BB0BCA80C7BC0DAB92EA47D846000E9377CE0D599D64AD600749DF4BB59C925BE177F53FCF3A7
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                  • Antivirus: Metadefender, Detection: 2%, Browse
                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                  • Filename: rufus-3.13.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus_3-4_fr_430321.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.13.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus_3-4_fr_430321.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.13.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-2.9.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.11.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.4p.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-portable-v3.10.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-portable-v3.9.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.9.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.9.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.9.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-usb-3-3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: rufus-3.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  • Filename: Rufus 2.10.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K.z.K.z.K.z...'.H.z.K.{.N.z.K.z.J.z.B..J.z.RichK.z.................PE..L.....S..................................... ....@..........................0............................................... ..(.................................................................................... ...............................text............................... ..`.rdata....... ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                  C:\Users\user\Desktop\rufus.ini
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):222
                                                                                                                                                                                                                                  Entropy (8bit):4.828427586061969
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:56TUBnJm2BnJmpB0jlmdXABnJmpB0jlmdX2rjqZ:DFTjqSTjq6jqZ
                                                                                                                                                                                                                                  MD5:3BDE2B347EA1765FC09C41A3863163FF
                                                                                                                                                                                                                                  SHA1:9CDA1B3BE44B1B8CEB8387037F4FF7FB7D1A9B88
                                                                                                                                                                                                                                  SHA-256:C0B147BC11F04B1034FF6DA7AEC1132EDDF156E63241D909EEB606A41CFBBBBF
                                                                                                                                                                                                                                  SHA-512:C40710A85C8B35189CE8337853F563E53909FA1AC8AD69594D0EA8DA3FDA982B08E4ACEDFBD41DB5DC416E84032E1745E59FC055B76F55EF883F1226666D416A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                  Preview: Locale = en-US..Locale = en-US..CommCheck64 = 5794515..Locale = en-US..CommCheck64 = 5794515..UpdateCheckInterval = 86400..Locale = en-US..CommCheck64 = 5794515..UpdateCheckInterval = 86400..LastUpdateCheck = 13266106753..
                                                                                                                                                                                                                                  C:\Users\user\Desktop\rufus.ini~
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):222
                                                                                                                                                                                                                                  Entropy (8bit):4.828427586061969
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:6:56TUBnJm2BnJmpB0jlmdXABnJmpB0jlmdX2rjqZ:DFTjqSTjq6jqZ
                                                                                                                                                                                                                                  MD5:3BDE2B347EA1765FC09C41A3863163FF
                                                                                                                                                                                                                                  SHA1:9CDA1B3BE44B1B8CEB8387037F4FF7FB7D1A9B88
                                                                                                                                                                                                                                  SHA-256:C0B147BC11F04B1034FF6DA7AEC1132EDDF156E63241D909EEB606A41CFBBBBF
                                                                                                                                                                                                                                  SHA-512:C40710A85C8B35189CE8337853F563E53909FA1AC8AD69594D0EA8DA3FDA982B08E4ACEDFBD41DB5DC416E84032E1745E59FC055B76F55EF883F1226666D416A
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                  Preview: Locale = en-US..Locale = en-US..CommCheck64 = 5794515..Locale = en-US..CommCheck64 = 5794515..UpdateCheckInterval = 86400..Locale = en-US..CommCheck64 = 5794515..UpdateCheckInterval = 86400..LastUpdateCheck = 13266106753..
                                                                                                                                                                                                                                  C:\Windows\SysWOW64\GroupPolicy\gpt.ini
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                  Entropy (8bit):3.9228287372391675
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:1EvdG3y:1AH
                                                                                                                                                                                                                                  MD5:39DFFC602ED934569F26BE44EC645814
                                                                                                                                                                                                                                  SHA1:40D9C2E74B8999AB8404D746E9DD219A58979813
                                                                                                                                                                                                                                  SHA-256:B57A88E5B1ACF3A784BE88B87FA3EE1F0991CB7C1C66DA423F3595FFC6E0C5C2
                                                                                                                                                                                                                                  SHA-512:02FB06F972BD37578B7788A8E8F26FE06C629FFB33A7590ACBD43F180CE2C3C4BA4D05E9047EB0978A3617E77A2EFC97CDBCDCBBFF81172B9D9F6BBED780B1AD
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                  Preview: [General]..AccessCheck=test..
                                                                                                                                                                                                                                  C:\Windows\System32\GroupPolicy\GPT.INI
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):127
                                                                                                                                                                                                                                  Entropy (8bit):5.090003435843543
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:1ELGUAgKLMzY+eWgTckbnnkBfERvI3eovzFLsUov:1WsMzYHxbnKv3eoIv
                                                                                                                                                                                                                                  MD5:F9A49A3E2415016FA85DDFF0B8B38419
                                                                                                                                                                                                                                  SHA1:F8C987119269E58D22A6B17AE2E8ECA7744FB385
                                                                                                                                                                                                                                  SHA-256:14694DBEE3897B6BD5AA596EBFD893E727179B67811920C174DC70E6EEE8E579
                                                                                                                                                                                                                                  SHA-512:91EA129A51D2C3B342287C1250F5B0DA6BA2A61EFF11791D1CFAE1F5C6DD2654C935BE1452F4A681E794FD723A3C295E9BC9E59B9005AA4D8BD55ED36C9AD91C
                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                  Preview: [General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{3D271CFC-2BC6-4AC2-B633-3BDFF5BDAB2A}]..Version=1..
                                                                                                                                                                                                                                  C:\Windows\System32\GroupPolicy\Machine\Registry.pol
                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rufus-3.14p.exe
                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                  Size (bytes):190
                                                                                                                                                                                                                                  Entropy (8bit):3.2791226694111044
                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                  SSDEEP:3:CFlE3A5loWcNylRjlyWdl+Sli5lm+1XMRpvLZOal7EQlXYlWj0zG+EX8e7lll6zf:CFlEEoWcHWn+SkirHNblPl4Wj0S+fehW
                                                                                                                                                                                                                                  MD5:3679852D86D944EB0A0C1A29DC85E623
                                                                                                                                                                                                                                  SHA1:C8D898775714206A49355D1D7538E42F7235E2D9
                                                                                                                                                                                                                                  SHA-256:0372CB9877228AC59386A962D2E49B51F671E546A7BA112D43D6B2B15165AA7F
                                                                                                                                                                                                                                  SHA-512:6DA335F7F330DD75FED52BAB9A67442BF37AF876026B4C218F00F0264F068CBC865144546F3CFDFCE675DFDB3F2DABEBF55F6468A958AAF12E0396F22004EBD2
                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                  Preview: PReg....[.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.P.o.l.i.c.i.e.s.\.E.x.p.l.o.r.e.r...;.N.o.D.r.i.v.e.T.y.p.e.A.u.t.o.r.u.n...;.....;.....;.....].

                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                                                                                                                                                                                                  Entropy (8bit):7.961230171156753
                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.66%
                                                                                                                                                                                                                                  • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                  File name:rufus-3.14p.exe
                                                                                                                                                                                                                                  File size:1173560
                                                                                                                                                                                                                                  MD5:c1df434cf15aeb31783e1144b8a30059
                                                                                                                                                                                                                                  SHA1:1c385ec41d5f20ab411bd20e792ad8e7da7feaf9
                                                                                                                                                                                                                                  SHA256:c0ccf4f480545b50169cc1f5bf92b357ce588520cb8534128200ca48fc6ae588
                                                                                                                                                                                                                                  SHA512:7dcdd37b831c3e6d54ea5cb74e5308ead0ac3a344a94f40d70b1ad72746a830d0109ed3ddebd4fa6dc8a3cd8352545dd81164a1cff6fdbbcc9ed3312ecbe76f4
                                                                                                                                                                                                                                  SSDEEP:24576:g8wnf/FU0nBI1gbXfrnSuEw239Bwyu+4WVIBjP0q/E8kw2hd27:g5NlBI1gbmHw+BLu+5Il8qpb2hU
                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......................$.0.......0#..V4..@#..p4...@.......................... 5.....39....@... ............................

                                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                                  Icon Hash:c8a2f0f074bc5e06

                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                  Entrypoint:0x7456c0
                                                                                                                                                                                                                                  Entrypoint Section:UPX1
                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED
                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                                  Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                                                                                                                                  TLS Callbacks:0x7462a2
                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                  Import Hash:7326001be3ced77b153640be93a8dff6
                                                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                                                  Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                  Error Number:0
                                                                                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                                                                                  • 3/16/2018 1:00:00 AM 3/17/2022 12:59:59 AM
                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                  • CN=Akeo Consulting, O=Akeo Consulting, STREET=24 Grey Rock, L=Milford, S=Co. Donegal, PostalCode=F92 D667, C=IE
                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                  Thumbprint MD5:F9C8FB79581036F731B006B6D27C675B
                                                                                                                                                                                                                                  Thumbprint SHA-1:9CE9A71CCAB3B38A74781B975F1C228222CF7D3B
                                                                                                                                                                                                                                  Thumbprint SHA-256:CBD2B4DD0DB817BDEBF29B54503423F71F4603D2D7309E757DC17C4660E37451
                                                                                                                                                                                                                                  Serial:24692663EF6C0C0A3B23CFA310C3649B
                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                  pushad
                                                                                                                                                                                                                                  mov esi, 00634015h
                                                                                                                                                                                                                                  lea edi, dword ptr [esi-00233015h]
                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                                                  lea ebx, dword ptr [esp-00003E80h]
                                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                  cmp esp, ebx
                                                                                                                                                                                                                                  jne 00007F15D87804BDh
                                                                                                                                                                                                                                  inc esi
                                                                                                                                                                                                                                  inc esi
                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                  push 00343C87h
                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                  add ebx, 04h
                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                  push 001116A1h
                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                  add ebx, 04h
                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                  push eax
                                                                                                                                                                                                                                  mov dword ptr [ebx], 00020003h
                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                  sub esp, 7Ch
                                                                                                                                                                                                                                  mov edx, dword ptr [esp+00000090h]
                                                                                                                                                                                                                                  mov dword ptr [esp+74h], 00000000h
                                                                                                                                                                                                                                  mov byte ptr [esp+73h], 00000000h
                                                                                                                                                                                                                                  mov ebp, dword ptr [esp+0000009Ch]
                                                                                                                                                                                                                                  lea eax, dword ptr [edx+04h]
                                                                                                                                                                                                                                  mov dword ptr [esp+78h], eax
                                                                                                                                                                                                                                  mov eax, 00000001h
                                                                                                                                                                                                                                  movzx ecx, byte ptr [edx+02h]
                                                                                                                                                                                                                                  mov ebx, eax
                                                                                                                                                                                                                                  shl ebx, cl
                                                                                                                                                                                                                                  mov ecx, ebx
                                                                                                                                                                                                                                  dec ecx
                                                                                                                                                                                                                                  mov dword ptr [esp+6Ch], ecx
                                                                                                                                                                                                                                  movzx ecx, byte ptr [edx+01h]
                                                                                                                                                                                                                                  shl eax, cl
                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                  mov dword ptr [esp+68h], eax
                                                                                                                                                                                                                                  mov eax, dword ptr [esp+000000A8h]
                                                                                                                                                                                                                                  movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h
mov dword ptr [esp+54h], 00000001h
mov dword ptr [esp+50h], 00000001h
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x351190         0x304         .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x347000         0xa190        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x11cc00         0x1c38        UPX0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x351494         0x20          .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x3462c4         0x18          UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name   Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
UPX0   0x1000           0x233000      0x0       unknown   unknown          unknown    unknown        IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
UPX1   0x234000         0x113000      0x112400  False     0.99911067827    data       7.99973764367  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc  0x347000         0xb000        0xa600    False     0.295439570783   data       3.96284445539  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Name           RVA       Size      Type                                                                                                                                                        Language  Country
RT_ICON        0x347e84  0x4228    dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294961151
RT_ICON        0x34c0b0  0x25a8    data
RT_ICON        0x34e65c  0x10a8    data
RT_ICON        0x34f708  0x988     data
RT_ICON        0x350094  0x468     GLS_BINARY_LSB_FIRST
RT_DIALOG      0x1274e8  0x95e     empty
RT_DIALOG      0x127e48  0x13c     empty
RT_DIALOG      0x127f88  0x1d6     empty
RT_DIALOG      0x128160  0x4f4     empty
RT_DIALOG      0x128658  0xac      empty
RT_DIALOG      0x128708  0xea      empty
RT_DIALOG      0x1287f8  0x252     empty
RT_DIALOG      0x128a50  0x330     empty
RT_DIALOG      0x128d80  0x1b0     empty
RT_DIALOG      0x128f30  0x3e2     empty
RT_RCDATA      0x129318  0x26a     empty
RT_RCDATA      0x129588  0x1a5     empty
RT_RCDATA      0x129730  0xcf      empty
RT_RCDATA      0x129800  0x73      empty
RT_RCDATA      0x129878  0xbf      empty
RT_RCDATA      0x129938  0x1f6     empty
RT_RCDATA      0x129b30  0x33b     empty
RT_RCDATA      0x129e70  0x1f0     empty
RT_RCDATA      0x12a060  0x181     empty
RT_RCDATA      0x12a1e8  0xda      empty
RT_RCDATA      0x12a2c8  0x154     empty
RT_RCDATA      0x12a420  0x279     empty
RT_RCDATA      0x12a6a0  0x430     empty
RT_RCDATA      0x12aad0  0x2dc     empty
RT_RCDATA      0x12adb0  0x120     empty
RT_RCDATA      0x12aed0  0x7d      empty
RT_RCDATA      0x12af50  0x10d     empty
RT_RCDATA      0x12b060  0x366     empty
RT_RCDATA      0x12b3c8  0x10581   empty
RT_RCDATA      0x13b950  0xb65d    empty
RT_RCDATA      0x146fb0  0xe43     empty
RT_RCDATA      0x147df8  0x2cb6    empty
RT_RCDATA      0x14aab0  0x3f74    empty
RT_RCDATA      0x14ea28  0x9da8    empty
RT_RCDATA      0x1587d0  0x7436    empty
RT_RCDATA      0x15fc08  0x7db2    empty
RT_RCDATA      0x1679c0  0x3331    empty
RT_RCDATA      0x16acf8  0x1940    empty
RT_RCDATA      0x16c638  0x1b93    empty
RT_RCDATA      0x16e1d0  0x155d    empty
RT_RCDATA      0x16f730  0x114f    empty
RT_RCDATA      0x170880  0x1c31    empty
RT_RCDATA      0x1724b8  0x1cf1    empty
RT_RCDATA      0x1741b0  0x150b    empty
RT_RCDATA      0x1756c0  0x1b3d    empty
RT_RCDATA      0x177200  0x1699    empty
RT_RCDATA      0x1788a0  0x15a7    empty
RT_RCDATA      0x179e48  0x1c3c    empty
RT_RCDATA      0x17ba88  0x1fb7    empty
RT_RCDATA      0x17da40  0x1889    empty
RT_RCDATA      0x17f2d0  0x1e4e    empty
RT_RCDATA      0x181120  0x193a    empty
RT_RCDATA      0x182a60  0x1e71    empty
RT_RCDATA      0x1848d8  0x22e1    empty
RT_RCDATA      0x186bc0  0x1426    empty
RT_RCDATA      0x187fe8  0x200     empty
RT_RCDATA      0x1881e8  0x8e88    empty
RT_RCDATA      0x191070  0x200     empty
RT_RCDATA      0x191270  0x10a19   empty
RT_RCDATA      0x1a1c90  0x855c    empty
RT_RCDATA      0x1aa1f0  0x2000    empty
RT_RCDATA      0x1ac1f0  0x7cfe    empty
RT_RCDATA      0x1b3ef0  0x4f1     empty
RT_RCDATA      0x1b43e8  0x10070a  empty
RT_RCDATA      0x2b4af8  0x800     data
RT_RCDATA      0x2b52f8  0x80000   data
RT_GROUP_ICON  0x350500  0x4c      data
RT_VERSION     0x350550  0x37c     data
RT_MANIFEST    0x3508d0  0x8be     XML 1.0 document, ASCII text, with CRLF line terminators
DLL           Import
ADVAPI32.dll  FreeSid
COMCTL32.DLL  ImageList_Create
COMDLG32.DLL  GetOpenFileNameW
CRYPT32.dll   CryptMsgClose
GDI32.dll     LineTo
KERNEL32.DLL  LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
msvcrt.dll    _iob
ole32.dll     CoCreateGuid
SETUPAPI.dll  CM_Get_Child
SHELL32.dll   ShellExecuteA
SHLWAPI.dll   wnsprintfW
USER32.dll    GetDC
WINTRUST.dll  WinVerifyTrustEx
Description       Data
LegalCopyright    2011-2021 Pete Batard (GPL v3)
InternalName      Rufus
FileVersion       3.14.1788
CompanyName       Akeo Consulting
LegalTrademarks   https://www.gnu.org/licenses/gpl-3.0.html
Comments          https://rufus.ie
ProductName       Rufus
ProductVersion    3.14.1788
FileDescription   Rufus
OriginalFilename  rufus-3.14.exe
Translation       0x0000 0x04b0

Network Behavior

Network Port Distribution

• Total Packets: 92
• 443 (HTTPS)
• 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                  May 21, 2021 23:38:39.017751932 CEST5299153192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:39.077207088 CEST53529918.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:39.956604958 CEST5370053192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:40.006114006 CEST53537008.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:41.151401043 CEST5172653192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:41.202150106 CEST53517268.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:42.362709999 CEST5679453192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:42.415198088 CEST53567948.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:43.924002886 CEST5653453192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:43.977313042 CEST53565348.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:47.336246967 CEST5662753192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:47.385548115 CEST53566278.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:49.179631948 CEST5662153192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:49.229218006 CEST53566218.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:50.777450085 CEST6311653192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:50.826862097 CEST53631168.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:52.261770010 CEST6407853192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:52.319508076 CEST53640788.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:53.415143967 CEST6480153192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:53.473680019 CEST53648018.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:54.596632004 CEST6172153192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:54.650942087 CEST53617218.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:55.877749920 CEST5125553192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:55.928312063 CEST53512558.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:56.938255072 CEST6152253192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:57.000113010 CEST53615228.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:57.649425983 CEST5233753192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:57.713906050 CEST53523378.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:57.829183102 CEST5504653192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:57.883619070 CEST53550468.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:38:57.956829071 CEST4961253192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:38:58.017570019 CEST53496128.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:02.125274897 CEST4928553192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:02.187629938 CEST53492858.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:03.216007948 CEST5060153192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:03.265439987 CEST53506018.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:04.289550066 CEST6087553192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:04.342093945 CEST53608758.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:09.732098103 CEST5644853192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:09.801233053 CEST53564488.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:21.452508926 CEST5917253192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:21.521725893 CEST53591728.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:32.971236944 CEST6242053192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:33.033637047 CEST53624208.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:33.686220884 CEST6057953192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:33.746915102 CEST53605798.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:34.356216908 CEST5018353192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:34.405659914 CEST53501838.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:34.872829914 CEST6153153192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:34.931299925 CEST53615318.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:35.568346024 CEST4922853192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:35.573966026 CEST5979453192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:35.620893002 CEST53492288.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:35.646933079 CEST53597948.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:36.460649967 CEST5591653192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:36.521478891 CEST53559168.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:37.890412092 CEST5275253192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:37.940020084 CEST53527528.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:39.924572945 CEST6054253192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:39.984623909 CEST53605428.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:40.874274015 CEST6068953192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:40.923599958 CEST53606898.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:41.372014999 CEST6420653192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:41.421391010 CEST53642068.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:39:48.552067995 CEST5090453192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:39:48.611100912 CEST53509048.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:40:24.821425915 CEST5752553192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:40:24.882407904 CEST53575258.8.8.8192.168.2.4
                                                                                                                                                                                                                                  May 21, 2021 23:40:26.746659994 CEST5381453192.168.2.48.8.8.8
                                                                                                                                                                                                                                  May 21, 2021 23:40:26.822731972 CEST53538148.8.8.8192.168.2.4
Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                                   Type            Class
May 21, 2021 23:38:56.938255072 CEST  192.168.2.4  8.8.8.8  0xa933    Standard query (0)  rufus.ie                               A (IP address)  IN (0x0001)
May 21, 2021 23:38:57.649425983 CEST  192.168.2.4  8.8.8.8  0x802a    Standard query (0)  github.com                             A (IP address)  IN (0x0001)
May 21, 2021 23:38:57.956829071 CEST  192.168.2.4  8.8.8.8  0x2dc0    Standard query (0)  github-releases.githubusercontent.com  A (IP address)  IN (0x0001)
Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name                                   CName  Address          Type            Class
May 21, 2021 23:38:57.000113010 CEST  8.8.8.8    192.168.2.4  0xa933    No error (0)  rufus.ie                               -      185.199.110.153  A (IP address)  IN (0x0001)
May 21, 2021 23:38:57.000113010 CEST  8.8.8.8    192.168.2.4  0xa933    No error (0)  rufus.ie                               -      185.199.111.153  A (IP address)  IN (0x0001)
May 21, 2021 23:38:57.000113010 CEST  8.8.8.8    192.168.2.4  0xa933    No error (0)  rufus.ie                               -      185.199.108.153  A (IP address)  IN (0x0001)
May 21, 2021 23:38:57.000113010 CEST  8.8.8.8    192.168.2.4  0xa933    No error (0)  rufus.ie                               -      185.199.109.153  A (IP address)  IN (0x0001)
May 21, 2021 23:38:57.713906050 CEST  8.8.8.8    192.168.2.4  0x802a    No error (0)  github.com                             -      140.82.121.3     A (IP address)  IN (0x0001)
May 21, 2021 23:38:58.017570019 CEST  8.8.8.8    192.168.2.4  0x2dc0    No error (0)  github-releases.githubusercontent.com  -      185.199.109.154  A (IP address)  IN (0x0001)
May 21, 2021 23:38:58.017570019 CEST  8.8.8.8    192.168.2.4  0x2dc0    No error (0)  github-releases.githubusercontent.com  -      185.199.110.154  A (IP address)  IN (0x0001)
May 21, 2021 23:38:58.017570019 CEST  8.8.8.8    192.168.2.4  0x2dc0    No error (0)  github-releases.githubusercontent.com  -      185.199.111.154  A (IP address)  IN (0x0001)
May 21, 2021 23:38:58.017570019 CEST  8.8.8.8    192.168.2.4  0x2dc0    No error (0)  github-releases.githubusercontent.com  -      185.199.108.154  A (IP address)  IN (0x0001)
("-" in the CName column means the answer carried no CNAME.)
Columns: Timestamp, Source IP, Source Port, Dest IP, Dest Port, Subject, Issuer, Not Before, Not After, JA3 SSL Client Fingerprint, JA3 SSL Client Digest. Each session lists the server certificate followed by the issuing CA certificate sent in the chain.

Timestamp: May 21, 2021 23:38:57.139303923 CEST
Source IP: 185.199.110.153  Source Port: 443  Dest IP: 192.168.2.4  Dest Port: 49745
  Server certificate
    Subject:    CN=rufus.ie
    Issuer:     CN=R3, O=Let's Encrypt, C=US
    Not Before: Sat Apr 03 20:16:10 CEST 2021
    Not After:  Fri Jul 02 20:16:10 CEST 2021
  Issuing CA certificate
    Subject:    CN=R3, O=Let's Encrypt, C=US
    Issuer:     CN=DST Root CA X3, O=Digital Signature Trust Co.
    Not Before: Wed Oct 07 21:21:40 CEST 2020
    Not After:  Wed Sep 29 21:21:40 CEST 2021
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0
  JA3 SSL Client Digest: 6271f898ce5be7dd52b0fc260d0662b3

Timestamp: May 21, 2021 23:38:57.801893950 CEST
Source IP: 140.82.121.3  Source Port: 443  Dest IP: 192.168.2.4  Dest Port: 49746
  Server certificate
    Subject:    CN=github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US
    Issuer:     CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1, O="DigiCert, Inc.", C=US
    Not Before: Thu Mar 25 01:00:00 CET 2021
    Not After:  Thu Mar 31 01:59:59 CEST 2022
  Issuing CA certificate
    Subject:    CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1, O="DigiCert, Inc.", C=US
    Issuer:     CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Not Before: Thu Dec 17 01:00:00 CET 2020
    Not After:  Tue Dec 17 00:59:59 CET 2030
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0
  JA3 SSL Client Digest: 6271f898ce5be7dd52b0fc260d0662b3

Timestamp: May 21, 2021 23:38:58.111035109 CEST
Source IP: 185.199.109.154  Source Port: 443  Dest IP: 192.168.2.4  Dest Port: 49748
  Server certificate
    Subject:    CN=www.github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US
    Issuer:     CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Not Before: Wed May 06 02:00:00 CEST 2020
    Not After:  Thu Apr 14 14:00:00 CEST 2022
  Issuing CA certificate
    Subject:    CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer:     CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Not Before: Tue Oct 22 14:00:00 CEST 2013
    Not After:  Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0
  JA3 SSL Client Digest: 6271f898ce5be7dd52b0fc260d0662b3
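The three tables above (DNS answers, TLS sessions, JA3) are only useful once joined: which hostname did each TLS session actually go to, does the presented certificate fit that name and the capture time, and what does the JA3 digest really say. The script below is an added triage example, not part of the sandbox report; the DNS and certificate values are copied from the tables above into inline constants, the JA3 digest is recomputed as the MD5 of the fingerprint string (that is how JA3 is defined), and the "server certificate" fields are taken from the first entry of each chain. The report does not print Subject Alternative Names, so the CN comparison here is a prompt to look further, not a verdict.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# All timestamps in the report are printed in CET/CEST.
CET = timezone(timedelta(hours=1))
CEST = timezone(timedelta(hours=2))

# Constructed from the DNS answer table: resolved address -> queried name.
DNS_ANSWERS = {
    "185.199.110.153": "rufus.ie",
    "185.199.111.153": "rufus.ie",
    "185.199.108.153": "rufus.ie",
    "185.199.109.153": "rufus.ie",
    "140.82.121.3": "github.com",
    "185.199.109.154": "github-releases.githubusercontent.com",
    "185.199.110.154": "github-releases.githubusercontent.com",
    "185.199.111.154": "github-releases.githubusercontent.com",
    "185.199.108.154": "github-releases.githubusercontent.com",
}

# JA3 fingerprint string and digest exactly as printed for all three sessions.
JA3_STRING = (
    "771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171"
    "-157-156-61-60-53-47-10,0-10-11-13-35-16-23-65281,29-23-24,0"
)
JA3_DIGEST_IN_REPORT = "6271f898ce5be7dd52b0fc260d0662b3"

# Constructed from the TLS table: one entry per session, server certificate only.
TLS_SESSIONS = [
    {"time": datetime(2021, 5, 21, 23, 38, 57, 139303, tzinfo=CEST),
     "server_ip": "185.199.110.153", "leaf_cn": "rufus.ie",
     "not_before": datetime(2021, 4, 3, 20, 16, 10, tzinfo=CEST),
     "not_after": datetime(2021, 7, 2, 20, 16, 10, tzinfo=CEST)},
    {"time": datetime(2021, 5, 21, 23, 38, 57, 801893, tzinfo=CEST),
     "server_ip": "140.82.121.3", "leaf_cn": "github.com",
     "not_before": datetime(2021, 3, 25, 1, 0, 0, tzinfo=CET),
     "not_after": datetime(2022, 3, 31, 1, 59, 59, tzinfo=CEST)},
    {"time": datetime(2021, 5, 21, 23, 38, 58, 111035, tzinfo=CEST),
     "server_ip": "185.199.109.154", "leaf_cn": "www.github.com",
     "not_before": datetime(2020, 5, 6, 2, 0, 0, tzinfo=CEST),
     "not_after": datetime(2022, 4, 14, 14, 0, 0, tzinfo=CEST)},
]


def ja3_digest(ja3_string: str) -> str:
    """JA3 digest = MD5 over the 'version,ciphers,extensions,curves,formats' string."""
    return hashlib.md5(ja3_string.encode("ascii")).hexdigest()


def parse_ja3(ja3_string: str) -> dict:
    """Split a JA3 string into its five fields; dash-separated lists become int lists."""
    def ints(field: str) -> list:
        return [int(x) for x in field.split("-")] if field else []
    version, ciphers, exts, curves, formats = ja3_string.split(",")
    return {"version": int(version), "ciphers": ints(ciphers),
            "extensions": ints(exts), "curves": ints(curves),
            "point_formats": ints(formats)}


def ja3_matches_report() -> bool:
    """True if recomputing the digest reproduces the one printed in the table."""
    return ja3_digest(JA3_STRING) == JA3_DIGEST_IN_REPORT


def triage_sessions(sessions=TLS_SESSIONS, dns=DNS_ANSWERS) -> list:
    """Join each TLS session to the name that resolved to its server IP and sanity-check the cert."""
    findings = []
    for s in sessions:
        name = dns.get(s["server_ip"])  # None => IP never came from DNS (hard-coded C2 smell)
        findings.append({
            "server_ip": s["server_ip"],
            "resolved_name": name,
            "cn_matches_name": name is not None and s["leaf_cn"] == name,
            "cert_valid_at_capture": s["not_before"] <= s["time"] <= s["not_after"],
        })
    return findings


if __name__ == "__main__":
    print("JA3 digest reproduced:", ja3_matches_report())
    print("cipher suites offered:", len(parse_ja3(JA3_STRING)["ciphers"]))
    for f in triage_sessions():
        print(f)
```

Two points the joined view makes that the raw tables do not. First, every destination IP was handed out by 8.8.8.8 moments earlier, and the rufus.ie and github-releases.githubusercontent.com addresses sit in the same 185.199.108-111.0/22 block, consistent with the Rufus update check rather than a hard-coded server. Second, the third session presents a certificate whose CN is www.github.com while the name looked up was github-releases.githubusercontent.com; that is exactly the case where you must read the SAN list before calling it interception. On the JA3 side, the same digest appears on all three sessions because the fingerprint describes the Windows TLS stack the process used, not the process itself, which is why "JA3 seen with other malware" on its own carries little weight.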

Code Manipulations

Statistics

Behavior


System Behavior

Process 1
Start time: 23:38:42
Start date: 21/05/2021
Path: C:\Users\user\Desktop\rufus-3.14p.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\rufus-3.14p.exe'
Imagebase: 0xd10000
File size: 1173560 bytes
MD5 hash: C1DF434CF15AEB31783E1144B8A30059
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Process 2
Start time: 23:38:43
Start date: 21/05/2021
Path: C:\Users\user\Desktop\rufus-3.14p.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\rufus-3.14p.exe'
Imagebase: 0xd10000
File size: 1173560 bytes
MD5 hash: C1DF434CF15AEB31783E1144B8A30059
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly

Code Analysis