Windows Analysis Report
https://therufus.org/download.php

Overview

General Information

Sample URL: https://therufus.org/download.php
Analysis ID: 1431972

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Changes autostart functionality of drives
Disable Windows Defender real time protection (registry)
Modifies Group Policy settings
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables driver privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May infect USB drives
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Queries device information via Setup API
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED3FB1F0 RegOpenKeyExA,CryptDecodeObjectEx, 11_2_00007FF6ED3FB1F0
Source: unknown HTTPS traffic detected: 35.186.224.25:443 -> 192.168.11.20:50257 version: TLS 1.2
Source: Binary string: Warning: Could not read file pointer %sCould not set file pointer - AbortingWarning: Possible short writeWrote %d bytes but requested %dWrite error %sRetrying in %d seconds...NtdllNtCreateFileRtlDosPathNameToNtPathNameWRtlFreeHeapRtlSetLastWin32ErrorAndNtStatusFromNtStatusDbgHelpSymInitializeSymLoadModuleExSymUnloadModule64SymEnumSymbolsSymCleanup.pdbCould not find debug info in '%s'%s@%s%x:%sSOFTWAREAkeo Consulting\Rufus%s\%shttp://msdl.microsoft.com/download/symbols/%s/%s%x/%sMicrosoft-Symbol-Server/10.0.22621.755Could not initialize DLL symbol handlerbase_address == DEFAULT_BASE_ADDRESS*!*%dregistry.hstrchr(key_name, '\\') == NULLSOFTWARE\Akeo Consulting\Rufus source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp

Spreading

Source: C:\Users\user\Downloads\rufus-4.4.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DE605FE2-09C4-4631-B97D-8938F5DCD9EB}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutorun
Source: rufus-4.4.exe Binary or memory string: autorun.inf
Source: rufus-4.4.exe Binary or memory string: %sautorun.inf
Source: rufus-4.4.exe Binary or memory string: kera boot" t MSG_165 "Klik untuk memilih atau memuat turun imej..." t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)" t MSG_167 "Memasang MBR yang membenarkan pilihan boot dan
Source: rufus-4.4.exe Binary or memory string: [autorun] icon = autorun.ico label = %s
Source: rufus-4.4.exe Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.4.exe Binary or memory string: (autorun.inf )." t MSG_167 " BIOS USB
Source: rufus-4.4.exe Binary or memory string: 164 "Method that will be used to make the drive bootable" t MSG_165 "Click to select or download an image..." t MSG_166 "Check this box to allow the display of international labels " "and set a device icon (creates an autorun.inf)" t MSG_167 "Install an M
Source: rufus-4.4.exe Binary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)" t MSG_167 "Menginstal MBR memungkinkan untuk boot dan dapat memanipulasi ID perangkat USB di BIOS" t MSG_168 "Mencoba menyamarkan perangka
Source: rufus-4.4.exe Binary or memory string: stellen (maakt een autorun.inf aan)" t MSG_167 "Installeert een MBR die een opstartselectie toestaat en de BIOS USB-drive ID kan verbergen" t MSG_168 "Probeert de eerste opstartbare USB drive (gewoonlijk 0x80) voor te laten doen als een andere schijf.\nDit
Source: rufus-4.4.exe Binary or memory string: ( autorun.inf)" t MSG_167 " Rufus MBR BIOS USB ID" t
Source: rufus-4.4.exe Binary or memory string: Ignoring 'autorun.inf' label for drive %c: No media
Source: rufus-4.4.exe Binary or memory string: Using 'autorun.inf' label for drive %c: '%s'
Source: rufus-4.4.exe Binary or memory string: [autorun]icon = autorun.icolabel = %s
Source: rufus-4.4.exe, 0000000B.00000002.68343560865.0000026DEC0C5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Ignoring 'autorun.inf' label for drive %c: No media
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Using 'autorun.inf' label for drive %c: '%s'
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Unable to load '%S.dll': %sNtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %lu vs. %zu)\\.\%c:Warning: Time-out while trying to query drive %cFailed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELlabelIgnoring 'autorun.inf' label for drive %c: No mediaUsing 'autorun.inf' label for drive %c: '%s'%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not get layout for drive 0x%02x: %s(Unrecognized)UDFISO9660APFSHFS/HFS+extext2ext3ext4CD001NXSBBEA01exFATNTFSReFSFATFAT12FAT16FAT32Could not unmount drive: %sCould not mount %s as %c:%s was successfully mounted as %c:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: %sautorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: ?iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: [autorun]
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: autorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Error allocating file name%s%s/%sRufus%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://bit.ly/40qDtyF.
Source: rufus-4.4.exe, 0000000B.00000002.68343762638.0000026DEDBDF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)Y*V
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Download ISO Image use the "slow" format methodMethod that will be used to make the drive bootableClick to select or download an image...Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)Install an MBR that allows boot selection and can masquerade the BIOS USB drive IDTry to masquerade first bootable USB drive (usually 0x80) as a different disk.
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E967D GetLogicalDriveStringsA,strlen,isalpha,toupper, 11_2_00007FF6ED2E967D
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 4x nop then sub rsp, 58h 11_2_00007FF6ED3565D0
Source: unknown TCP traffic detected without corresponding DNS query: 23.34.240.112
Source: unknown TCP traffic detected without corresponding DNS query: 35.186.224.25
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /v1/live-tile-xml?region=GB&language=en-US HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WNS/10.0Host: spclient.wg.spotify.com
Source: global traffic HTTP traffic detected: GET /download.php HTTP/1.1Host: therufus.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pbatard/rufus/releases/download/v4.4/rufus-4.4.exe HTTP/1.1Host: github.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /github-production-release-asset-2e65be/2810292/86098259-c57e-4f5d-acc1-ae1e048249df?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240426%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240426T040419Z&X-Amz-Expires=300&X-Amz-Signature=0a2156a5ca26c205fdafcce2ab334e233c3be06af637278db1f2ef1ee5c54c27&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2810292&response-content-disposition=attachment%3B%20filename%3Drufus-4.4.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: therufus.org
Source: global traffic DNS traffic detected: DNS query: github.com
Source: global traffic DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic TCP traffic: 192.168.11.20:50401 -> 239.255.255.250:1900
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://e2fsprogs.sourceforge.net/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://freedos.sourceforge.net/freecom
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://fsf.org/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: http://halamix2.pl
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://ms-sys.sourceforge.net/
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ocsp.sectigo.com0$
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://s.symcd.com06
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://7-zip.org/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://7-zip.org/openESPWarning:
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://axialis.com/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://bit.ly/40qDtyF.
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://d.symcb.com/rpa0.
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: https://github.com/Chocobo1
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: https://github.com/SiderealArt
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/chenall/grub4dos
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: https://github.com/cupofocha
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/kokke/tiny-regex-c
Source: unknown HTTPS traffic detected: 35.186.224.25:443 -> 192.168.11.20:50257 version: TLS 1.2
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E7B9D: CreateFileA,DeviceIoControl,CloseHandle, 11_2_00007FF6ED2E7B9D
Source: C:\Users\user\Downloads\rufus-4.4.exe Process token adjusted: Load Driver
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED358E38 appears 262 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED3FB970 appears 161 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED2E5980 appears 129 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED358E28 appears 137 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED3FB550 appears 120 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED318339 appears 1068 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED2E59C9 appears 120 times
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: No import functions for PE file found
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: Data appended to the last section found
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: Section: UPX1 ZLIB complexity 1.0006930443548387
Source: Unconfirmed 379648.crdownload.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9991053006769288
Source: classification engine Classification label: mal52.spre.evad.win@35/6@6/6
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED317E90 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 11_2_00007FF6ED317E90
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED3170E1 FindResourceA,LoadResource,SizeofResource,_calloc_dbg,LockResource,LockResource, 11_2_00007FF6ED3170E1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp
Source: C:\Users\user\Downloads\rufus-4.4.exe Mutant created: \Sessions\1\BaseNamedObjects\Global/Rufus
Source: C:\Users\user\Downloads\rufus-4.4.exe File created: C:\Users\user\AppData\Local\Temp\RufA552.tmp
Source: C:\Users\user\Downloads\rufus-4.4.exe File read: C:\Windows\System32\GroupPolicy\gpt.ini
Source: C:\Users\user\Downloads\rufus-4.4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: rufus-4.4.exe String found in binary or memory: /loader/entries
Source: rufus-4.4.exe String found in binary or memory: /boot/i386/loader/isolinux.cfg
Source: rufus-4.4.exe String found in binary or memory: /boot/x86_64/loader/isolinux.cfg
Source: rufus-4.4.exe String found in binary or memory: :size Sets maximum size of line edit buffer (default:128) /MACROS Displays all DOSKey macros /OVERSTRIKE Overwrites new characters onto line when typing (default) /REINSTALL Installs a new copy of DOSKey macroname Specifie
Source: rufus-4.4.exe String found in binary or memory: gen worden als het bestand al bestaat. Als er geen bestand online wordt gevonden, dan zal de standaard versie worden gebruikt." t MSG_117 "Standaard Windows-installatie" t MSG_119 "geavanceerde eigenschappen van drive" t MSG_120 "geavanceerde opties voor fo
Source: rufus-4.4.exe String found in binary or memory: s-installatie aanpassen?" t MSG_329 "Verwijder de vereiste voor 4GB+ RAM, Secure Boot en TPM 2.0" t MSG_330 "Verwijder de vereiste voor een online Microsoft-account" t MSG_331 "Gegevensverzameling uitschakelen (privacy-vragen overslaan)" t MSG_332 "Voorkom
Source: rufus-4.4.exe String found in binary or memory: -install
Source: rufus-4.4.exe String found in binary or memory: -h, --help
Source: rufus-4.4.exe String found in binary or memory: s the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. To use the FOR command in a batch program, specify %%%%variable instead of %%variable. For example: FOR %%f IN (---start
Source: rufus-4.4.exe String found in binary or memory: chten:" t MSG_132 "Ein anderer Prozess bzw. ein anderes Programm verwendet das Laufwerk gerade. Wollen Sie es trotzdem formatieren?" t MSG_133 "Rufus hat erkannt, dass Sie ein 'Windows To Go'-Startmedium, basierend auf Windows 10 Version 1809, erstellen woll
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therufus.org/download.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3444 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2948 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 /prefetch:8
Source: unknown Process created: C:\Users\user\Downloads\rufus-4.4.exe "C:\Users\user\Downloads\rufus-4.4.exe"
Source: unknown Process created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -Embedding
Source: unknown Process created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: profapi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: vds_ps.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: riched20.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: usp10.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: msls31.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: gpedit.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: gpapi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: activeds.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: dssec.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: dsuiext.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: framedynos.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: adsldpc.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: dsrole.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: logoncli.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: mpr.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: authz.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: netutils.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: ntdsapi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: iconcodecservice.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: oleacc.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: devobj.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: wininet.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: atl.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: vdsutil.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: bcd.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: edgegdi.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: vds_ps.dll
Source: C:\Windows\System32\vds.exe Section loaded: atl.dll
Source: C:\Windows\System32\vds.exe Section loaded: osuninst.dll
Source: C:\Windows\System32\vds.exe Section loaded: vdsutil.dll
Source: C:\Windows\System32\vds.exe Section loaded: bcd.dll
Source: C:\Windows\System32\vds.exe Section loaded: edgegdi.dll
Source: C:\Windows\System32\vds.exe Section loaded: uexfat.dll
Source: C:\Windows\System32\vds.exe Section loaded: ulib.dll
Source: C:\Windows\System32\vds.exe Section loaded: ifsutil.dll
Source: C:\Windows\System32\vds.exe Section loaded: devobj.dll
Source: C:\Windows\System32\vds.exe Section loaded: uudf.dll
Source: C:\Windows\System32\vds.exe Section loaded: untfs.dll
Source: C:\Windows\System32\vds.exe Section loaded: ufat.dll
Source: C:\Windows\System32\vds.exe Section loaded: fmifs.dll
Source: C:\Windows\System32\vds.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\vds.exe Section loaded: vds_ps.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0393303-90D4-4A97-AB71-E9B671EE2729}\InprocServer32
Source: C:\Users\user\Downloads\rufus-4.4.exe File written: C:\Windows\System32\GroupPolicy\gpt.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\rufus-4.4.exe Window detected: Number of UI elements: 28
Source: C:\Users\user\Downloads\rufus-4.4.exe Window detected: Number of UI elements: 33
Source: Binary string: Warning: Could not read file pointer %sCould not set file pointer - AbortingWarning: Possible short writeWrote %d bytes but requested %dWrite error %sRetrying in %d seconds...NtdllNtCreateFileRtlDosPathNameToNtPathNameWRtlFreeHeapRtlSetLastWin32ErrorAndNtStatusFromNtStatusDbgHelpSymInitializeSymLoadModuleExSymUnloadModule64SymEnumSymbolsSymCleanup.pdbCould not find debug info in '%s'%s@%s%x:%sSOFTWAREAkeo Consulting\Rufus%s\%shttp://msdl.microsoft.com/download/symbols/%s/%s%x/%sMicrosoft-Symbol-Server/10.0.22621.755Could not initialize DLL symbol handlerbase_address == DEFAULT_BASE_ADDRESS*!*%dregistry.hstrchr(key_name, '\\') == NULLSOFTWARE\Akeo Consulting\Rufus source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: real checksum: 0x16acf8 should be: 0x10dc7
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\rufus-4.4.exe (copy)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 379648.crdownload
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E309E SetupDiGetClassDevsA,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,_strcmpi,_strcmpi,SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,SetupDiEnumDeviceInterfaces,??3@YAXPEAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,SetupDiGetDeviceInterfaceDetailA,GetLastError,_calloc_dbg,SetupDiGetDeviceInterfaceDetailA,CreateFileA,CloseHandle,SetupDiDestroyDeviceInfoList,IsDlgButtonChecked,IsDlgButtonChecked,GetLastError,??3@YAXPEAX@Z,SetLastError,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,GetDlgItem,IsDlgButtonChecked,??3@YAXPEAX@Z, 11_2_00007FF6ED2E309E
Source: C:\Users\user\Downloads\rufus-4.4.exe API coverage: 2.3 %
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E967D GetLogicalDriveStringsA,strlen,isalpha,toupper, 11_2_00007FF6ED2E967D
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: WldpWldpQueryWindowsLockdownModeUnable to locate %s() in '%s.dll': %sCould not detect S Mode: %sServer 2003VistaXP_64Server 2008Server 2008_R2Server 2012Server 2012_R2Server 10 (Preview 1)10Server 202212 or laterServer 2003_R211Server 2019Server 201610 (Preview 1)8.187XPx64x86arm64armunknownNT??Home BasicHome PremiumEnterpriseHome Basic NBusinessServer StandardServer DatacenterSmallbusiness ServerServer EnterpriseStarterServer Datacenter (Core)Server Standard (Core)Server Enterprise (Core)Business NWeb ServerHPC EditionStorage Server (Essentials)Home Premium NEnterprise NUltimate NHome ServerServer Standard without Hyper-VServer Datacenter without Hyper-VServer Enterprise without Hyper-VServer Datacenter without Hyper-V (Core)Server Standard without Hyper-V (Core)Server Enterprise without Hyper-V (Core)Hyper-V ServerStarter NProPro NServer Solutions PremiumServer Solutions Premium (Core)Server Hyper Core VStarter EHome Basic EPremium EPro EEnterprise EUltimate EEnterprise (Eval)Server Standard (Eval)Server Datacenter (Eval)Enterprise N (Eval)Thin PCEmbeddedHome NHome ChinaHome Single LanguageHomePro with Media CenterHome ConnectedPro StudentHome Connected NPro Student NHome Connected Single LanguageHome Connected ChinaEducationEducation NEnterprise LTSBEnterprise LTSB NPro SPro S NEnterprise LTSB (Eval)Enterprise LTSB N (Eval)Pro Single LanguagePro ChinaEnterprise SubscriptionEnterprise Subscription NServer Datacenter SA (Core)Server Standard SA (Core)Utility VMPro for WorkstationsPro for Workstations NPro for EducationPro for Education NEnterprise GEnterprise G NCloudCloud NHome OSCloud EIoT OSCloud E NIoT Edge OSIoT EnterpriseLiteIoT Enterprise SXBoxAzure Server(Unlicensed)Ultimate Kernel32IsWow64Process2Note: Underlying Windows architecture was guessed and may be incorrect...%s %u.%u %s%s SP%u.%u %s%s SP%u %s(Unknown Edition 
0x%02X)%s%s%s %sSoftware\Microsoft\Windows NT\CurrentVersion\UBR (Build %lu.%lu) (Build %lu) in S Mode@
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware__VMware_Virtual_S
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMware-Laufwerkserkennung"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Processing Hub %d: Hub[%d] = '%s' Found ID[%03d]: %sUASPSTORSDIgnoreUsb%02dSOFTWAREAkeo Consulting\Rufus(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))(card_start > 0) && (card_start < ARRAYSIZE(genstor_name))Could not allocate Device ID listProcessing IDs belonging to '%s': %sSetupDiGetDeviceRegistryProperty (Enumerator Name) failed: %sUSBSTORProcessing '%s' device: Unsupported or disabled by policyArsenal_________Virtual_KernSafeVirtual_________Msft____Virtual_Disk____VMware__VMware_Virtual_SSCSI\Diskstrlen(scsi_card_name_copy) > 1 Hardware ID: '%s'SetupDiGetDeviceInstanceId failed: %s<N/A>Could not locate device node for '%s'Could not get children of '%s'NOTE: Matched instance from sibling for '%s' Matched with ID[%03d]: %s Matched with (GP) ID[%03d]: %s Matched with Hub[%d]: '%s'Could not get device instance handle for '%s': CR error %dCould not get port for '%s': CR error %dCould not open hub %s: %sCould not get node connection information for '%s': %sCould not get node connection information (V2) for device '%s': %sFound VHD device '%s'Found card reader device '%s'Found non-USB removable device '%s' => EliminatedIf you *REALLY* need, you can enable listing of this device with <Ctrl><Alt><F>Found non-USB removable device '%s'Found non-USB non-removable device '%s' => Eliminated%04X:%04XIgnoring '%s' (%s), per user settingsFound %s%s%s device '%s' (%s) %sNOTE: This device is a USB 3.%c device operating at lower speed...A device was eliminated because it didn't report itself as a diskCould not open '%s': %sDevice eliminated because it appears to contain no mediaDevice eliminated because it is smaller than %d MBDevice eliminated because it contains a mounted partition that is set as non-removableDevice eliminated because it was detected as a Hard Drive (score %d > 0)If this device is not a Hard Drive, please e-mail the 
author of this applicationNOTE: You can enable the listing of Hard Drives under 'advanced drive properties'Device eliminated because it was detected as a card larger than %d GBTo use such a card, check 'List USB Hard Drives' under 'advanced drive properties'Device eliminated because it was detected as a Microsoft Dev DrivePortableBaseLayerDevice eliminated because it is a Windows Sandbox VHDDevice eliminated because listing of VHDs is disabled (Alt-G)Removing %c: from the list: This is the %s!%s [%s]Warning: Found more than %d drives - ignoring remaining ones...RTSUERCMIUCREUCRVUSBSTORETRONSTORASUSSTPTSCSIPCISTORRTSORJMCRJMCFRIMMPTSKRIMSPTSKRISDRIXDPTSKTI21SONYESD7SKESM7SKO2MDO2SDVIACRGLREADER_SD__SDHC__SDXC__MMC__MS__MSPro__xDPicture__O2Media_USBUSB 1.0USB 1.1USB 2.0USB 3.0USB 3.1
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "A detetar disco VMWare"
Source: rufus-4.4.exe Binary or memory string: MSG_265 "Pengesanan cakera VMWare" t MSG_266 "Mod dwi UEFI/BIOS" t MSG_267 "Menggunakan imej Windows: %s" t MSG_268 "Menggunakan imej Windows..." t MSG_269 "Mengekalkan cap masa" t MSG_270 "Nyahpijat USB" t MSG_271 "Mengira semak tambah imej: %s" t MSG_
Source: RufA552.tmp.11.dr Binary or memory string: w VMWare"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware Coredump Partition
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare-levyn havaitseminen"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare-schijfdetectie"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Deteksi VMWare disk"
Source: rufus-4.4.exe Binary or memory string: o NTFS" t MSG_261 "A criar imagem: %s" t MSG_262 "Suporte ISO" t MSG_263 "Usar unidade de tamanho APROPRIADO" t MSG_264 "A apagar pasta '%s'" t MSG_265 "A detetar disco VMWare" t MSG_266 "Modo duplo UEFI/BIOS" t MSG_267 "Aplicar imagem Windows: %s" t M
Source: rufus-4.4.exe Binary or memory string: G_259 "" t MSG_260 "NTFS " t MSG_261 ": %s" t MSG_262 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Hyper-V Server
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Detectare disc VMWare"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disk detection"
Source: rufus-4.4.exe Binary or memory string: dimensione APPROPRIATA" t MSG_264 "Eliminazione cartella '%s'" t MSG_265 "Rilevamento disco VMWare" t MSG_266 "Modo duale UEFI/BIOS" t MSG_267 "Applicazione immagine Windows: %s" t MSG_268 "Applicazione immagine Windows..." t MSG_269 "Preserva data/ora"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMware lemez
Source: RufA552.tmp.11.dr Binary or memory string: tection de disque VMWare"
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Datacenter without Hyper-V
Source: RufA552.tmp.11.dr Binary or memory string: o de disco VMWare"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware Reserved Partition
Source: rufus-4.4.exe Binary or memory string: update" t MSG_260 "NTFS compression" t MSG_261 "Writing image: %s" t MSG_262 "ISO Support" t MSG_263 "Use PROPER size units" t MSG_264 "Deleting directory '%s'" t MSG_265 "VMWare disk detection" t MSG_266 "Dual UEFI/BIOS mode" t MSG_267 "Applying Windo
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare detekce disk"
Source: RufA552.tmp.11.dr Binary or memory string: vanie VMWare disku"
Source: rufus-4.4.exe Binary or memory string: " t MSG_264 " '%s'" t MSG_265 " VMWare" t MSG_266 "
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Zaznavanje diskov VMware"
Source: rufus-4.4.exe, 0000000B.00000002.68343762638.0000026DEDBD6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWare disk detection
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Datacenter without Hyper-V (Core)
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Enterprise without Hyper-V (Core)
Source: rufus-4.4.exe Binary or memory string: Gunakan unit ukuran PROPER" t MSG_264 "Menghapus direktori '%s'" t MSG_265 "Deteksi VMWare disk" t MSG_266 "Modus Dual UEFI/BIOS" t MSG_267 "Menerapkan image Windows: %s" t MSG_268 "Menerapkan image Windows..." t MSG_269 "Pertahankan timestamps" t MSG_2
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Pengesanan cakera VMWare"
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Enterprise without Hyper-V
Source: RufA552.tmp.11.dr Binary or memory string: a VMWare"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disk detektering"
Source: rufus-4.4.exe Binary or memory string: rrelsesenhet" t MSG_264 "Sletter mappe '%s'" t MSG_265 "VMWare-disk oppdagelse" t MSG_266 "Dobbel UEFI/BIOS-innstilling" t MSG_267 "Legger til Windows-bilde: %s" t MSG_268 "Legger til Windows-bilde..." t MSG_269 "Bevarer tidskode" t MSG_270 "USB-avkodin
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Rilevamento disco VMWare"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare diskdetekteringen
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware VMKCORE
Source: rufus-4.4.exe Binary or memory string: : %s" t MSG_262 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare " t MSG_266 " UEFI/BIOS
Source: RufA552.tmp.11.dr Binary or memory string: n de discos VMWare"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware VMFS
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disk alg
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Standard without Hyper-V
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: \\?\GLOBALROOTSuper Floppy DiskAndroid Boot PartitionAndroid Bootloader PartitionAndroid Cache PartitionAndroid Config PartitionAndroid Data PartitionAndroid Ext PartitionAndroid Factory PartitionAndroid Fastboot PartitionAndroid Metadata PartitionAndroid Misc PartitionAndroid OEM PartitionAndroid Persistent PartitionAndroid Recovery PartitionAndroid System PartitionAndroid Vendor PartitionApple APFS PartitionApple Boot PartitionApple Filevault PartitionApple HFS+ PartitionApple Label PartitionApple RAID Partition (Offline)Apple RAID PartitionApple RAID Cache PartitionApple RAID Scratch PartitionApple RAID Status PartitionApple RAID Volume PartitionApple Recovery PartitionApple UFS PartitionApple ZFS PartitionAtari Data PartitionBeOS BFS PartitionChrome OS Kernel PartitionChrome OS Reserved PartitionChrome OS Root PartitionCoreOS Raid PartitionCoreOS Reserved PartitionCoreOS Root PartitionCoreOS Usr PartitionFreeBSD Boot PartitionFreeBSD Data PartitionFreeBSD LVM PartitionFreeBSD Swap PartitionFreeBSD UFS PartitionFreeBSD ZFS PartitionBIOS Boot PartitionExtended Boot Loader PartitionEFI System PartitionMBR PartitionUnused PartitionHP-UX Data PartitionHP-UX Service PartitionIBM GPFS PartitionIntel Fast Flash PartitionLenovo Boot PartitionLinux Boot PartitionLinux Data PartitionLinux Encrypted PartitionLinux Home PartitionLinux LUKS PartitionLinux LVM PartitionLinux RAID PartitionLinux Reserved PartitionLinux Boot Partition (ARM)Linux Boot Partition (ARM64)Linux Boot Partition (x86-32)Linux Boot Partition (x86-64)Linux Srv PartitionLinux Swap PartitionMicrosoft Basic Data PartitionMicrosoft LDM Data PartitionMicrosoft LDM Metadata PartitionMicrosoft Recovery PartitionMicrosoft System Reserved PartitionMicrosoft Storage Spaces PartitionNetBSD Concatenated PartitionNetBSD Encrypted PartitionNetBSD FFS PartitionNetBSD LFS 
PartitionNetBSD RAID PartitionNetBSD Swap PartitionOpenBSD Data PartitionPlan 9 Data PartitionPReP Boot PartitionQNX Data PartitionSolaris Alternate Sector PartitionSolaris Backup PartitionSolaris Boot PartitionSolaris Home PartitionSolaris Reserved PartitionSolaris Root PartitionSolaris Swap PartitionSolaris Var PartitionSony Boot PartitionVeraCrypt Data PartitionVMware Coredump PartitionVMware Reserved PartitionVMware VMFS PartitionEmptyXENIX rootXENIX usrSmall FAT16ExtendedNTFS/exFAT/UDFAIXAIX BootableOS/2 Boot ManagerFAT32 LBAFAT16 LBAExtended LBAOPUSHidden FAT12Compaq DiagnosticsHidden Small FAT16Hidden FAT16Hidden NTFSAST SmartSleepHidden FAT32Hidden FAT32 LBAHidden FAT16 LBAWindows Mobile XIPSpeedStorNEC DOSWindows Mobile IMGFSHidden NTFS WinREPlan 9PMagic RecoveryVenix 80286PPC PReP BootSFSQNX4.xOnTrack DMCP/MEZ DriveGolden BowPriam EDiskGNU HURD/SysVNetwareDiskSecure MultiBootPC/IXNovellXOSLF.I.X.AODPSMinixGNU/Linux SwapGNU/LinuxWindows HibernationGNU/Linux ExtendedNTFS Volume SetGNU/Linux PlaintextFreeDOS Hidden FAT12GNU/Linux LVMFreeDOS Hidden FAT16FreeDOS Hidden ExtendedGNU/Linux HiddenCHRP ISO-9660FreeDOS Hidden FAT32BSD
Source: rufus-4.4.exe Binary or memory string: G_265 "VMWare " t MSG_266 " UEFI/BIOS " t MSG_267 "Windows : %s" t MSG_268 "Windows
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare-disk oppdagelse"
Source: rufus-4.4.exe Binary or memory string: sche Ordner '%s'" t MSG_265 "VMware-Laufwerkserkennung" t MSG_266 "Dualer UEFI/BIOS-Modus" t MSG_267 "Windows-Image aufspielen: %s" t MSG_268 "Windows-Image aufspielen..." t MSG_269 "Zeitstempel bewahren" t MSG_270 "USB-Testmodus" t MSG_271 "Berechne Im
Source: rufus-4.4.exe Binary or memory string: w VMWare" t MSG_266 "Tryb dual UEFI/BIOS" t MSG_267 "Zastosowywanie obrazu Windows: %s" t MSG_268 "Zastosowywanie obrazu Windows..." t MSG_269 "Zachowaj znaczniki czasu" t MSG_270 "Debugowanie USB" t MSG_271 "Obliczanie sum kontrolnych obrazu: %s" t MSG
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Standard without Hyper-V (Core)
Source: RufA552.tmp.11.dr Binary or memory string: VMWare"
Source: rufus-4.4.exe Binary or memory string: t MSG_261 "Image schrijven: %s" t MSG_262 "ISO-ondersteuning" t MSG_263 "JUISTE grootte-eenheden gebruiken" t MSG_264 "Map '%s' verwijderen" t MSG_265 "VMWare-schijfdetectie" t MSG_266 "Dubbele UEFI/BIOS-modus" t MSG_267 "Windows-image toepassen: %s"
Source: RufA552.tmp.11.dr Binary or memory string: VMWare
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Otkrivanje VMware diska"
Source: RufA552.tmp.11.dr Binary or memory string: enje VMWare diska"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disko aptikimas"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Noteikts VMWare disks"
Source: rufus-4.4.exe Binary or memory string: ttelse" t MSG_263 "MiB notation" t MSG_264 "Sletter mappen '%s'" t MSG_265 "VMWare disk detektering" t MSG_267 "Anvender Windows-image: %s" t MSG_268 "Anvender Windows-image..." t MSG_269 "Bevar tidsstempler" t MSG_271 "Beregner imagechecksumme: %s" t
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware VMFS Partition
Source: C:\Users\user\Downloads\rufus-4.4.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E11B9 SetUnhandledExceptionFilter,_malloc_dbg,strlen,_malloc_dbg,memcpy,_initterm, 11_2_00007FF6ED2E11B9
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E5E4E
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: GetKeyboardLayoutNameA,GetSystemDefaultLangID,_wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fprintf,fputs,fclose,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fputs,fprintf,fprintf,fprintf,fputs,fclose, 11_2_00007FF6ED2E5A4D
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E6244
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E6238
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E628C
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E6280
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E62F3
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose, 11_2_00007FF6ED2E5B32
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E309E SetupDiGetClassDevsA,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,_strcmpi,_strcmpi,SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,SetupDiEnumDeviceInterfaces,??3@YAXPEAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,SetupDiGetDeviceInterfaceDetailA,GetLastError,_calloc_dbg,SetupDiGetDeviceInterfaceDetailA,CreateFileA,CloseHandle,SetupDiDestroyDeviceInfoList,IsDlgButtonChecked,IsDlgButtonChecked,GetLastError,??3@YAXPEAX@Z,SetLastError,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,GetDlgItem,IsDlgButtonChecked,??3@YAXPEAX@Z, 11_2_00007FF6ED2E309E
Source: C:\Users\user\Downloads\rufus-4.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DE605FE2-09C4-4631-B97D-8938F5DCD9EB}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: C:\Users\user\Downloads\rufus-4.4.exe File written: C:\Windows\System32\GroupPolicy\gpt.ini