Windows Analysis Report
https://therufus.org/download.php

Overview

General Information

Sample URL: https://therufus.org/download.php
Analysis ID: 1431972

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Changes autostart functionality of drives
Disable Windows Defender real time protection (registry)
Modifies Group Policy settings
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables driver privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May infect USB drives
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Queries device information via Setup API
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64native
  • chrome.exe (PID: 5912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 464953824E644F10FFDC9E093FD18F94)
    • chrome.exe (PID: 1992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
    • chrome.exe (PID: 6760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3444 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
    • chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2948 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
    • chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6864 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
    • chrome.exe (PID: 6832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
  • chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therufus.org/download.php" MD5: 464953824E644F10FFDC9E093FD18F94)
  • rufus-4.4.exe (PID: 6460 cmdline: "C:\Users\user\Downloads\rufus-4.4.exe" MD5: 7A4662BB7F331D2252F3D949657D821D)
  • vdsldr.exe (PID: 6240 cmdline: C:\Windows\System32\vdsldr.exe -Embedding MD5: 3CFFFEE43D8B6FEC842423BBF731F35A)
  • vds.exe (PID: 6704 cmdline: C:\Windows\System32\vds.exe MD5: D28FB8A8DD61CFA35B6DE838E0A3978A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: 11_2_00007FF6ED3FB1F0 RegOpenKeyExA,CryptDecodeObjectEx,11_2_00007FF6ED3FB1F0
Source: unknownHTTPS traffic detected: 35.186.224.25:443 -> 192.168.11.20:50257 version: TLS 1.2
Source: Binary string: Warning: Could not read file pointer %sCould not set file pointer - AbortingWarning: Possible short writeWrote %d bytes but requested %dWrite error %sRetrying in %d seconds...NtdllNtCreateFileRtlDosPathNameToNtPathNameWRtlFreeHeapRtlSetLastWin32ErrorAndNtStatusFromNtStatusDbgHelpSymInitializeSymLoadModuleExSymUnloadModule64SymEnumSymbolsSymCleanup.pdbCould not find debug info in '%s'%s@%s%x:%sSOFTWAREAkeo Consulting\Rufus%s\%shttp://msdl.microsoft.com/download/symbols/%s/%s%x/%sMicrosoft-Symbol-Server/10.0.22621.755Could not initialize DLL symbol handlerbase_address == DEFAULT_BASE_ADDRESS*!*%dregistry.hstrchr(key_name, '\\') == NULLSOFTWARE\Akeo Consulting\Rufus source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp

Spreading

Source: C:\Users\user\Downloads\rufus-4.4.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DE605FE2-09C4-4631-B97D-8938F5DCD9EB}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutorun
Source: rufus-4.4.exeBinary or memory string: autorun.inf
Source: rufus-4.4.exeBinary or memory string: %sautorun.inf
Source: rufus-4.4.exeBinary or memory string: kera boot" t MSG_165 "Klik untuk memilih atau memuat turun imej..." t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)" t MSG_167 "Memasang MBR yang membenarkan pilihan boot dan
Source: rufus-4.4.exeBinary or memory string: [autorun] icon = autorun.ico label = %s
Source: rufus-4.4.exeBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.4.exeBinary or memory string: (autorun.inf )." t MSG_167 " BIOS USB
Source: rufus-4.4.exeBinary or memory string: 164 "Method that will be used to make the drive bootable" t MSG_165 "Click to select or download an image..." t MSG_166 "Check this box to allow the display of international labels " "and set a device icon (creates an autorun.inf)" t MSG_167 "Install an M
Source: rufus-4.4.exeBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)" t MSG_167 "Menginstal MBR memungkinkan untuk boot dan dapat memanipulasi ID perangkat USB di BIOS" t MSG_168 "Mencoba menyamarkan perangka
Source: rufus-4.4.exeBinary or memory string: stellen (maakt een autorun.inf aan)" t MSG_167 "Installeert een MBR die een opstartselectie toestaat en de BIOS USB-drive ID kan verbergen" t MSG_168 "Probeert de eerste opstartbare USB drive (gewoonlijk 0x80) voor te laten doen als een andere schijf.\nDit
Source: rufus-4.4.exeBinary or memory string: ( autorun.inf)" t MSG_167 " Rufus MBR BIOS USB ID" t
Source: rufus-4.4.exeBinary or memory string: Ignoring 'autorun.inf' label for drive %c: No media
Source: rufus-4.4.exeBinary or memory string: Using 'autorun.inf' label for drive %c: '%s'
Source: rufus-4.4.exeBinary or memory string: [autorun]icon = autorun.icolabel = %s
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacionalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: m souboru autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: e un fichier autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: hoz (egy autorun.inf f
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: un file autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: autorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: (autorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: (sukuria autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: autorun.inf"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: ier autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: uje autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: boru autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: autorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: o autorun.inf)"
Source: rufus-4.4.exe, 0000000B.00000002.68343560865.0000026DEC0C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Ignoring 'autorun.inf' label for drive %c: No media
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Using 'autorun.inf' label for drive %c: '%s'
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Unable to load '%S.dll': %sNtQueryVolumeInformationFileGetLogicalDriveStrings failed: %sGetLogicalDriveStrings: Buffer too small (required %lu vs. %zu)\\.\%c:Warning: Time-out while trying to query drive %cFailed to get a drive letterNo drive letter was assigned...ABORTED: Cannot use an image that is located on the target drive!Failed to delete mountpoint %s: %sNO_LABELlabelIgnoring 'autorun.inf' label for drive %c: No mediaUsing 'autorun.inf' label for drive %c: '%s'%s does not have a Boot Marker%s has a %s Master Boot Record%s has an unknown Master Boot RecordPartition Boot RecordVolume does not have an x86 %sDrive has a %s %sVolume has an unknown FAT16 or FAT32 %sVolume has an unknown %sCould not get layout for drive 0x%02x: %s(Unrecognized)UDFISO9660APFSHFS/HFS+extext2ext3ext4CD001NXSBBEA01exFATNTFSReFSFATFAT12FAT16FAT32Could not unmount drive: %sCould not mount %s as %c:%s was successfully mounted as %c:%s is already mounted, but volume GUID could not be checked: %s%s is mounted, but volume GUID doesn't match:
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: %sautorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: ?iconUnable to create icon '%s': %s.Could not write icon header: %s.Could not write ICONDIRENTRY[%d]: %s.Could not write ICONDIRENTRY[%d] offset: %s.Could not write icon data #%d: %s.Created: %s%sautorun.infr%s already exists - keeping itw, ccs=UTF-16LEUnable to create %sNOTE: This may be caused by a poorly designed security solution. See https://goo.gl/QTobxX.; Created by %s
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: [autorun]
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: autorun.inf
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Error allocating file name%s%s/%sRufus%s/syslinux-%s/%s Replaced with local version %s Could not replace file: %s File name sanitized to '%s' Unable to create file: %sautorun.inf NOTE: This is usually caused by a poorly designed security solution. See https://bit.ly/40qDtyF.
Source: rufus-4.4.exe, 0000000B.00000002.68343762638.0000026DEDBDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)Y*V
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Download ISO Image use the "slow" format methodMethod that will be used to make the drive bootableClick to select or download an image...Check this box to allow the display of international labels and set a device icon (creates an autorun.inf)Install an MBR that allows boot selection and can masquerade the BIOS USB drive IDTry to masquerade first bootable USB drive (usually 0x80) as a different disk.
Source: RufA552.tmp.11.drBinary or memory string: "and set a device icon (creates an autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: t MSG_166 "Potvrdite ovo da dozvolite prikaz internacionalnih oznaka i napravite ikonu (stvara autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: m souboru autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: lg denne mulighed for at tillade visning af internationale etiketter og skabe et enheds-ikon (opretter en autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: t MSG_166 "Aanvinken om weergave van internationale labels toe te laten en een apparaat-pictogram in te stellen (maakt een autorun.inf aan)"
Source: RufA552.tmp.11.drBinary or memory string: misen ja asettaaksesi laitekuvakkeen (luo autorun.inf-tiedoston)"
Source: RufA552.tmp.11.drBinary or memory string: e un fichier autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: tesymbol zu erzeugen (autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: hoz (egy autorun.inf f
Source: RufA552.tmp.11.drBinary or memory string: t MSG_166 "Centang kotak ini untuk menampilkan label internasional dan menyetel ikon perangkat (membuat autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: un file autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: autorun.inf
Source: RufA552.tmp.11.drBinary or memory string: (autorun.inf
Source: RufA552.tmp.11.drBinary or memory string: ces ikonas izveidei (tiek izveidots fails autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: (sukuria autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: t MSG_166 "Klik kotak ini untuk membenarkan paparan label antarabangsa dan menetapkan ikon cakera (akan membuat fail autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: tillate visning av internasjonal merkelapp og lage et stasjonsikon (lager en autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: autorun.inf"
Source: RufA552.tmp.11.drBinary or memory string: dzenia (tworzy plik autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: cone para a unidade (cria um arquivo autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: cone para a unidade (cria um ficheiro autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: ier autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: uje autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: boru autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: iti prikaz \"mednarodnih\" oznak nosilca in nastaviti ikono za napravo (to ustvari datoteko autorun.inf)."
Source: RufA552.tmp.11.drBinary or memory string: n para permitir que se muestren caracteres internacionales y establecer un icono para la unidad (crea un archivo autorun.inf)"
Source: RufA552.tmp.11.drBinary or memory string: tta en enhetsikon (en autorun.inf skapas)"
Source: RufA552.tmp.11.drBinary or memory string: autorun.inf
Source: RufA552.tmp.11.drBinary or memory string: t simgesini belirleyin (autorun.inf olu
Source: RufA552.tmp.11.drBinary or memory string: o autorun.inf)"
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: 11_2_00007FF6ED2E967D GetLogicalDriveStringsA,strlen,isalpha,toupper,11_2_00007FF6ED2E967D
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: 4x nop then sub rsp, 58h11_2_00007FF6ED3565D0
Source: unknownTCP traffic detected without corresponding DNS query: 23.34.240.112
Source: unknownTCP traffic detected without corresponding DNS query: 35.186.224.25
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /v1/live-tile-xml?region=GB&language=en-US HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WNS/10.0Host: spclient.wg.spotify.com
Source: global trafficHTTP traffic detected: GET /download.php HTTP/1.1Host: therufus.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pbatard/rufus/releases/download/v4.4/rufus-4.4.exe HTTP/1.1Host: github.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/2810292/86098259-c57e-4f5d-acc1-ae1e048249df?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240426%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240426T040419Z&X-Amz-Expires=300&X-Amz-Signature=0a2156a5ca26c205fdafcce2ab334e233c3be06af637278db1f2ef1ee5c54c27&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2810292&response-content-disposition=attachment%3B%20filename%3Drufus-4.4.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: therufus.org
Source: global trafficDNS traffic detected: DNS query: github.com
Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficTCP traffic: 192.168.11.20:50401 -> 239.255.255.250:1900
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://e2fsprogs.sourceforge.net/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://freedos.sourceforge.net/freecom
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://fsf.org/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.drString found in binary or memory: http://halamix2.pl
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpString found in binary or memory: http://ms-sys.sourceforge.net/
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://ocsp.comodoca.com0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://ocsp.sectigo.com0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://ocsp.sectigo.com0$
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://s.symcd.com06
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://7-zip.org/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://7-zip.org/openESPWarning:
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://axialis.com/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://bit.ly/40qDtyF.
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://d.symcb.com/rpa0.
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: https://github.com/Chocobo1
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: https://github.com/SiderealArt
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/chenall/grub4dos
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr String found in binary or memory: https://github.com/cupofocha
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/kokke/tiny-regex-c
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/libtom/libtomcrypt
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/pbatard/Fido
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/pbatard/bled
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txt
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/pbatard/rufus/issues
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/pbatard/rufus/wiki/FAQ#bsods-with-windows-to-go-drives-created-from-windows-10-18
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/pbatard/uefi-ntfs.
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/u-boot/u-boot
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://github.com/weidai11/cryptopp/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://goo.gl/QTobxX.
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://goo.gl/QTobxX.;
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://kolibrios.org/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://rufus.ie
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie).
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie/CheckForBetashttps://rufus.ieUsing
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie/Fido.ver
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie/files
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ie/files%s/%s-%s/%sGrub2%s
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ieRufusRunning
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://rufus.ieopen321Failed
Source: rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://sectigo.com/CPS0
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://sourceforge.net/projects/smartmontools
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://svn.reactos.org/reactos/trunk
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://syslinux.org/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://systeminformer.sourceforge.io/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://tortoisegit.org/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://tortoisesvn.net/
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED5B4000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://un.akeo.ie
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://winscp.net/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.busybox.net/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.codeguru.com/forum/showthread.php?p=1951973
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.freedos.org/
Source: rufus-4.4.exe, 0000000B.00000002.68346458769.00007FF6ED6B4000.00000004.00000001.01000000.00000006.sdmp, rufus-4.4.exe, 0000000B.00000000.68277865502.00007FF6ED6B4000.00000008.00000001.01000000.00000006.sdmp, Unconfirmed 379648.crdownload.0.dr String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.htmlD
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.gnu.org/software/fdisk
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.gnu.org/software/grub
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.gnu.org/software/libcdio
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.gnu.org/software/wget
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.gnupg.org/
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp String found in binary or memory: https://www.reactos.org/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50820
Source: unknown Network traffic detected: HTTP traffic on port 54944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50525
Source: unknown Network traffic detected: HTTP traffic on port 61436 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50525 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 58808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 54944
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61436
Source: unknown Network traffic detected: HTTP traffic on port 49316 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 61836
Source: unknown Network traffic detected: HTTP traffic on port 50820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49316
Source: unknown Network traffic detected: HTTP traffic on port 58808 -> 443
Source: unknown HTTPS traffic detected: 35.186.224.25:443 -> 192.168.11.20:50257 version: TLS 1.2
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E7B9D: CreateFileA, DeviceIoControl, CloseHandle
Source: C:\Users\user\Downloads\rufus-4.4.exe Process token adjusted: Load Driver
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED358E38 appears 262 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED3FB970 appears 161 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED2E5980 appears 129 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED358E28 appears 137 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED3FB550 appears 120 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED318339 appears 1068 times
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: String function: 00007FF6ED2E59C9 appears 120 times
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: No import functions for PE file found
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: Data appended to the last section found
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: Section: UPX1 ZLIB complexity 1.0006930443548387
Source: Unconfirmed 379648.crdownload.0.dr Static PE information: Section: UPX1 ZLIB complexity 0.9991053006769288
Source: classification engine Classification label: mal52.spre.evad.win@35/6@6/6
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED317E90: LookupPrivilegeValueW, AdjustTokenPrivileges, GetLastError
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED3170E1: FindResourceA, LoadResource, SizeofResource, _calloc_dbg, LockResource, LockResource
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp
Source: C:\Users\user\Downloads\rufus-4.4.exe Mutant created: \Sessions\1\BaseNamedObjects\Global/Rufus
Source: C:\Users\user\Downloads\rufus-4.4.exe File created: C:\Users\user\AppData\Local\Temp\RufA552.tmp
Source: C:\Users\user\Downloads\rufus-4.4.exe File read: C:\Windows\System32\GroupPolicy\gpt.ini
Source: C:\Users\user\Downloads\rufus-4.4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: rufus-4.4.exe String found in binary or memory: /loader/entries
Source: rufus-4.4.exe String found in binary or memory: /boot/i386/loader/isolinux.cfg
Source: rufus-4.4.exe String found in binary or memory: /boot/x86_64/loader/isolinux.cfg
Source: rufus-4.4.exe String found in binary or memory: :size Sets maximum size of line edit buffer (default:128) /MACROS Displays all DOSKey macros /OVERSTRIKE Overwrites new characters onto line when typing (default) /REINSTALL Installs a new copy of DOSKey macroname Specifie
Source: rufus-4.4.exe String found in binary or memory: gen worden als het bestand al bestaat. Als er geen bestand online wordt gevonden, dan zal de standaard versie worden gebruikt." t MSG_117 "Standaard Windows-installatie" t MSG_119 "geavanceerde eigenschappen van drive" t MSG_120 "geavanceerde opties voor fo
Source: rufus-4.4.exe String found in binary or memory: s-installatie aanpassen?" t MSG_329 "Verwijder de vereiste voor 4GB+ RAM, Secure Boot en TPM 2.0" t MSG_330 "Verwijder de vereiste voor een online Microsoft-account" t MSG_331 "Gegevensverzameling uitschakelen (privacy-vragen overslaan)" t MSG_332 "Voorkom
Source: rufus-4.4.exe String found in binary or memory: -install
Source: rufus-4.4.exe String found in binary or memory: -h, --help
Source: rufus-4.4.exe String found in binary or memory: s the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. To use the FOR command in a batch program, specify %%%%variable instead of %%variable. For example: FOR %%f IN (---start
Source: rufus-4.4.exe String found in binary or memory: chten:" t MSG_132 "Ein anderer Prozess bzw. ein anderes Programm verwendet das Laufwerk gerade. Wollen Sie es trotzdem formatieren?" t MSG_133 "Rufus hat erkannt, dass Sie ein 'Windows To Go'-Startmedium, basierend auf Windows 10 Version 1809, erstellen woll
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therufus.org/download.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3444 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2948 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 /prefetch:8
Source: unknown Process created: C:\Users\user\Downloads\rufus-4.4.exe "C:\Users\user\Downloads\rufus-4.4.exe"
Source: unknown Process created: C:\Windows\System32\vdsldr.exe C:\Windows\System32\vdsldr.exe -Embedding
Source: unknown Process created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therufus.org/download.php"
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: profapi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: vds_ps.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: riched20.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: usp10.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: msls31.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: gpedit.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: gpapi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: activeds.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: dssec.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: dsuiext.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: framedynos.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: adsldpc.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: dsrole.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: logoncli.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: mpr.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: authz.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: netutils.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: ntdsapi.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: iconcodecservice.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: oleacc.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: devobj.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Section loaded: wininet.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: atl.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: vdsutil.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: bcd.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: edgegdi.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\vdsldr.exe Section loaded: vds_ps.dll
Source: C:\Windows\System32\vds.exe Section loaded: atl.dll
Source: C:\Windows\System32\vds.exe Section loaded: osuninst.dll
Source: C:\Windows\System32\vds.exe Section loaded: vdsutil.dll
Source: C:\Windows\System32\vds.exe Section loaded: bcd.dll
Source: C:\Windows\System32\vds.exe Section loaded: edgegdi.dll
Source: C:\Windows\System32\vds.exe Section loaded: uexfat.dll
Source: C:\Windows\System32\vds.exe Section loaded: ulib.dll
Source: C:\Windows\System32\vds.exe Section loaded: ifsutil.dll
Source: C:\Windows\System32\vds.exe Section loaded: devobj.dll
Source: C:\Windows\System32\vds.exe Section loaded: uudf.dll
Source: C:\Windows\System32\vds.exe Section loaded: untfs.dll
Source: C:\Windows\System32\vds.exe Section loaded: ufat.dll
Source: C:\Windows\System32\vds.exe Section loaded: fmifs.dll
Source: C:\Windows\System32\vds.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\vds.exe Section loaded: vds_ps.dll
Source: C:\Users\user\Downloads\rufus-4.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0393303-90D4-4A97-AB71-E9B671EE2729}\InprocServer32
Source: C:\Users\user\Downloads\rufus-4.4.exe File written: C:\Windows\System32\GroupPolicy\gpt.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\rufus-4.4.exe Window detected: Number of UI elements: 28
Source: C:\Users\user\Downloads\rufus-4.4.exe Window detected: Number of UI elements: 33
Source: Binary string: Warning: Could not read file pointer %sCould not set file pointer - AbortingWarning: Possible short writeWrote %d bytes but requested %dWrite error %sRetrying in %d seconds...NtdllNtCreateFileRtlDosPathNameToNtPathNameWRtlFreeHeapRtlSetLastWin32ErrorAndNtStatusFromNtStatusDbgHelpSymInitializeSymLoadModuleExSymUnloadModule64SymEnumSymbolsSymCleanup.pdbCould not find debug info in '%s'%s@%s%x:%sSOFTWAREAkeo Consulting\Rufus%s\%shttp://msdl.microsoft.com/download/symbols/%s/%s%x/%sMicrosoft-Symbol-Server/10.0.22621.755Could not initialize DLL symbol handlerbase_address == DEFAULT_BASE_ADDRESS*!*%dregistry.hstrchr(key_name, '\\') == NULLSOFTWARE\Akeo Consulting\Rufus source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp
Source: a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp.0.dr Static PE information: real checksum: 0x16acf8 should be: 0x10dc7
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\rufus-4.4.exe (copy)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\a334bdac-aeb5-4013-986b-f4215f2d5b31.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 379648.crdownload
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E309E SetupDiGetClassDevsA,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,_strcmpi,_strcmpi,SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,SetupDiEnumDeviceInterfaces,??3@YAXPEAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,SetupDiGetDeviceInterfaceDetailA,GetLastError,_calloc_dbg,SetupDiGetDeviceInterfaceDetailA,CreateFileA,CloseHandle,SetupDiDestroyDeviceInfoList,IsDlgButtonChecked,IsDlgButtonChecked,GetLastError,??3@YAXPEAX@Z,SetLastError,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,GetDlgItem,IsDlgButtonChecked,??3@YAXPEAX@Z,11_2_00007FF6ED2E309E
Source: C:\Users\user\Downloads\rufus-4.4.exe API coverage: 2.3 %
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E967D GetLogicalDriveStringsA,strlen,isalpha,toupper,11_2_00007FF6ED2E967D
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware__VMware_Virtual_S
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMware-Laufwerkserkennung"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "A detetar disco VMWare"
Source: rufus-4.4.exe Binary or memory string: MSG_265 "Pengesanan cakera VMWare" t MSG_266 "Mod dwi UEFI/BIOS" t MSG_267 "Menggunakan imej Windows: %s" t MSG_268 "Menggunakan imej Windows..." t MSG_269 "Mengekalkan cap masa" t MSG_270 "Nyahpijat USB" t MSG_271 "Mengira semak tambah imej: %s" t MSG_
Source: RufA552.tmp.11.dr Binary or memory string: w VMWare"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware Coredump Partition
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare-levyn havaitseminen"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare-schijfdetectie"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Deteksi VMWare disk"
Source: rufus-4.4.exe Binary or memory string: o NTFS" t MSG_261 "A criar imagem: %s" t MSG_262 "Suporte ISO" t MSG_263 "Usar unidade de tamanho APROPRIADO" t MSG_264 "A apagar pasta '%s'" t MSG_265 "A detetar disco VMWare" t MSG_266 "Modo duplo UEFI/BIOS" t MSG_267 "Aplicar imagem Windows: %s" t M
Source: rufus-4.4.exe Binary or memory string: G_259 "" t MSG_260 "NTFS " t MSG_261 ": %s" t MSG_262 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Hyper-V Server
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Detectare disc VMWare"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disk detection"
Source: rufus-4.4.exe Binary or memory string: dimensione APPROPRIATA" t MSG_264 "Eliminazione cartella '%s'" t MSG_265 "Rilevamento disco VMWare" t MSG_266 "Modo duale UEFI/BIOS" t MSG_267 "Applicazione immagine Windows: %s" t MSG_268 "Applicazione immagine Windows..." t MSG_269 "Preserva data/ora"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMware lemez
Source: RufA552.tmp.11.dr Binary or memory string: tection de disque VMWare"
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Datacenter without Hyper-V
Source: RufA552.tmp.11.dr Binary or memory string: o de disco VMWare"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware Reserved Partition
Source: rufus-4.4.exe Binary or memory string: update" t MSG_260 "NTFS compression" t MSG_261 "Writing image: %s" t MSG_262 "ISO Support" t MSG_263 "Use PROPER size units" t MSG_264 "Deleting directory '%s'" t MSG_265 "VMWare disk detection" t MSG_266 "Dual UEFI/BIOS mode" t MSG_267 "Applying Windo
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare detekce disk"
Source: RufA552.tmp.11.dr Binary or memory string: vanie VMWare disku"
Source: rufus-4.4.exe Binary or memory string: " t MSG_264 " '%s'" t MSG_265 " VMWare" t MSG_266 "
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Zaznavanje diskov VMware"
Source: rufus-4.4.exe, 0000000B.00000002.68343762638.0000026DEDBD6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMWare disk detection
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Datacenter without Hyper-V (Core)
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Enterprise without Hyper-V (Core)
Source: rufus-4.4.exe Binary or memory string: Gunakan unit ukuran PROPER" t MSG_264 "Menghapus direktori '%s'" t MSG_265 "Deteksi VMWare disk" t MSG_266 "Modus Dual UEFI/BIOS" t MSG_267 "Menerapkan image Windows: %s" t MSG_268 "Menerapkan image Windows..." t MSG_269 "Pertahankan timestamps" t MSG_2
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Pengesanan cakera VMWare"
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Enterprise without Hyper-V
Source: RufA552.tmp.11.dr Binary or memory string: a VMWare"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disk detektering"
Source: rufus-4.4.exe Binary or memory string: rrelsesenhet" t MSG_264 "Sletter mappe '%s'" t MSG_265 "VMWare-disk oppdagelse" t MSG_266 "Dobbel UEFI/BIOS-innstilling" t MSG_267 "Legger til Windows-bilde: %s" t MSG_268 "Legger til Windows-bilde..." t MSG_269 "Bevarer tidskode" t MSG_270 "USB-avkodin
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Rilevamento disco VMWare"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare diskdetekteringen
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware VMKCORE
Source: rufus-4.4.exe Binary or memory string: : %s" t MSG_262 "ISO " t MSG_263 "" t MSG_264 " '%s'" t MSG_265 "VMWare " t MSG_266 " UEFI/BIOS
Source: RufA552.tmp.11.dr Binary or memory string: n de discos VMWare"
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware VMFS
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disk alg
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Standard without Hyper-V
Source: rufus-4.4.exe Binary or memory string: G_265 "VMWare " t MSG_266 " UEFI/BIOS " t MSG_267 "Windows : %s" t MSG_268 "Windows
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare-disk oppdagelse"
Source: rufus-4.4.exe Binary or memory string: sche Ordner '%s'" t MSG_265 "VMware-Laufwerkserkennung" t MSG_266 "Dualer UEFI/BIOS-Modus" t MSG_267 "Windows-Image aufspielen: %s" t MSG_268 "Windows-Image aufspielen..." t MSG_269 "Zeitstempel bewahren" t MSG_270 "USB-Testmodus" t MSG_271 "Berechne Im
Source: rufus-4.4.exe Binary or memory string: w VMWare" t MSG_266 "Tryb dual UEFI/BIOS" t MSG_267 "Zastosowywanie obrazu Windows: %s" t MSG_268 "Zastosowywanie obrazu Windows..." t MSG_269 "Zachowaj znaczniki czasu" t MSG_270 "Debugowanie USB" t MSG_271 "Obliczanie sum kontrolnych obrazu: %s" t MSG
Source: rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Server Standard without Hyper-V (Core)
Source: RufA552.tmp.11.dr Binary or memory string: VMWare"
Source: rufus-4.4.exe Binary or memory string: t MSG_261 "Image schrijven: %s" t MSG_262 "ISO-ondersteuning" t MSG_263 "JUISTE grootte-eenheden gebruiken" t MSG_264 "Map '%s' verwijderen" t MSG_265 "VMWare-schijfdetectie" t MSG_266 "Dubbele UEFI/BIOS-modus" t MSG_267 "Windows-image toepassen: %s"
Source: RufA552.tmp.11.dr Binary or memory string: VMWare
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Otkrivanje VMware diska"
Source: RufA552.tmp.11.dr Binary or memory string: enje VMWare diska"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "VMWare disko aptikimas"
Source: RufA552.tmp.11.dr Binary or memory string: t MSG_265 "Noteikts VMWare disks"
Source: rufus-4.4.exe Binary or memory string: ttelse" t MSG_263 "MiB notation" t MSG_264 "Sletter mappen '%s'" t MSG_265 "VMWare disk detektering" t MSG_267 "Anvender Windows-image: %s" t MSG_268 "Anvender Windows-image..." t MSG_269 "Bevar tidsstempler" t MSG_271 "Beregner imagechecksumme: %s" t
Source: rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: VMware VMFS Partition
Source: C:\Users\user\Downloads\rufus-4.4.exe Process token adjusted: Debug
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E11B9 SetUnhandledExceptionFilter,_malloc_dbg,strlen,_malloc_dbg,memcpy,_initterm,11_2_00007FF6ED2E11B9
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E4E
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E42
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E36
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5EB3
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5EA7
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E9B
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E8F
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5EEF
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5EE3
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5ED7
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5ECB
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5EBF
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F2B
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F1F
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F13
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F07
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5EFB
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D6A
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D5E
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D52
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D46
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D3A
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DB2
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DA6
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D9A
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D8E
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D82
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5D76
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DEE
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DE2
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DD6
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DCA
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DBE
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E2A
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E1E
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E12
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5E06
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5DFA
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E60EA
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E60DE
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E60D2
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F73
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F67
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F5B
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F4F
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F43
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F37
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5F7F
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5FE7
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5FDB
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5FCF
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5FC3
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E5FB7
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E6274
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E6268
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E625C
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: _wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,fclose,11_2_00007FF6ED2E6250
Source: C:\Users\user\Downloads\rufus-4.4.exeCode function: GetKeyboardLayoutNameA,GetSystemDefaultLangID,_wassert,GetOEMCP,GetUserDefaultUILanguage,GetLocaleInfoA,strcmp,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fprintf,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fprintf,fputs,fclose,strlen,strlen,strlen,strncat,fopen,fputs,fputs,fputs,fprintf,fputs,fprintf,fprintf,fprintf,fputs,fclose,11_2_00007FF6ED2E5A4D
Source: C:\Users\user\Downloads\rufus-4.4.exe Code function: 11_2_00007FF6ED2E309E SetupDiGetClassDevsA,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,_strcmpi,_strcmpi,SetupDiGetDeviceRegistryPropertyA,SetupDiGetDeviceInstanceIdA,SetupDiGetDeviceRegistryPropertyA,SetupDiEnumDeviceInterfaces,??3@YAXPEAX@Z,SetupDiEnumDeviceInterfaces,GetLastError,SetupDiGetDeviceInterfaceDetailA,GetLastError,_calloc_dbg,SetupDiGetDeviceInterfaceDetailA,CreateFileA,CloseHandle,SetupDiDestroyDeviceInfoList,IsDlgButtonChecked,IsDlgButtonChecked,GetLastError,??3@YAXPEAX@Z,SetLastError,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,IsDlgButtonChecked,GetDlgItem,IsDlgButtonChecked,??3@YAXPEAX@Z,11_2_00007FF6ED2E309E
Source: C:\Users\user\Downloads\rufus-4.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DE605FE2-09C4-4631-B97D-8938F5DCD9EB}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: C:\Users\user\Downloads\rufus-4.4.exe File written: C:\Windows\System32\GroupPolicy\gpt.ini

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: 11 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 2 Command and Scripting Interpreter; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 LSASS Driver; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 Access Token Manipulation; 1 Process Injection; 1 LSASS Driver; 1 DLL Side-Loading; 1 Bypass User Account Control; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: 1 Masquerading; 2 Disable or Modify Tools; 1 Access Token Manipulation; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 21 Obfuscated Files or Information; 11 Software Packing; 1 DLL Side-Loading; 1 Bypass User Account Control
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 1 Query Registry; 1 Security Software Discovery; 1 Network Service Discovery; 1 Peripheral Device Discovery; 3 File and Directory Discovery; 22 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 21 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

Source | Detection | Scanner | Label | Link
https://therufus.org/download.php | 0% | Avira URL Cloud | safe |
https://therufus.org/download.php | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\Downloads\Unconfirmed 379648.crdownload | 0% | ReversingLabs | |
C:\Users\user\Downloads\Unconfirmed 379648.crdownload | 0% | Virustotal | | Browse
C:\Users\user\Downloads\rufus-4.4.exe (copy) | 0% | ReversingLabs | |
C:\Users\user\Downloads\rufus-4.4.exe (copy) | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
objects.githubusercontent.com | 2% | Virustotal | | Browse
therufus.org | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | 0% | Avira URL Cloud | safe |
http://ocsp.sectigo.com0 | 0% | Avira URL Cloud | safe |
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | Avira URL Cloud | safe |
https://kolibrios.org/ | 0% | Avira URL Cloud | safe |
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | Virustotal | | Browse
https://kolibrios.org/ | 1% | Virustotal | | Browse
https://rufus.ie). | 0% | Avira URL Cloud | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | Avira URL Cloud | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | 0% | Virustotal | | Browse
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING: | 0% | Avira URL Cloud | safe |
https://rufus.ie/Fido.ver | 0% | Avira URL Cloud | safe |
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm | 0% | Avira URL Cloud | safe |
https://rufus.ieopen321Failed | 0% | Avira URL Cloud | safe |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | Virustotal | | Browse
https://rufus.ieRufusRunning | 0% | Avira URL Cloud | safe |
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm | 0% | Virustotal | | Browse
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING: | 0% | Virustotal | | Browse
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | 0% | Avira URL Cloud | safe |
https://rufus.ie/CheckForBetashttps://rufus.ieUsing | 0% | Avira URL Cloud | safe |
https://rufus.ie/ | 0% | Avira URL Cloud | safe |
https://rufus.ie/Fido.ver | 0% | Virustotal | | Browse
https://sectigo.com/CPS0 | 0% | Avira URL Cloud | safe |
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | 0% | Virustotal | | Browse
https://rufus.ie | 0% | Avira URL Cloud | safe |
http://halamix2.pl | 0% | Avira URL Cloud | safe |
https://rufus.ie/ | 0% | Virustotal | | Browse
https://rufus.ie/files | 0% | Avira URL Cloud | safe |
https://rufus.ie/CheckForBetashttps://rufus.ieUsing | 0% | Virustotal | | Browse
https://axialis.com/ | 0% | Avira URL Cloud | safe |
https://sectigo.com/CPS0 | 0% | Virustotal | | Browse
https://syslinux.org/ | 0% | Avira URL Cloud | safe |
https://rufus.ie/files | 0% | Virustotal | | Browse
https://rufus.ie/files%s/%s-%s/%sGrub2%s | 0% | Avira URL Cloud | safe |
https://axialis.com/ | 0% | Virustotal | | Browse
https://rufus.ie/files%s/%s-%s/%sGrub2%s | 0% | Virustotal | | Browse
http://halamix2.pl | 0% | Virustotal | | Browse
https://syslinux.org/ | 1% | Virustotal | | Browse
http://ocsp.sectigo.com0$ | 0% | Avira URL Cloud | safe |
https://rufus.ie | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
github.com | 140.82.113.3 | true | false | | high
therufus.org | 104.21.65.18 | true | false | | unknown
www.google.com | 142.251.16.99 | true | false | | high
objects.githubusercontent.com | 185.199.110.133 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://spclient.wg.spotify.com/v1/live-tile-xml?region=GB&language=en-US | false | | high
https://therufus.org/download.php | false | | unknown
https://github.com/pbatard/rufus/releases/download/v4.4/rufus-4.4.exe | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://tortoisesvn.net/ | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://github.com/libtom/libtomcrypt | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://www.gnu.org/software/fdisk | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://www.gnu.org/software/grub | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://ocsp.sectigo.com0 | rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr | false | Avira URL Cloud: safe | unknown
https://systeminformer.sourceforge.io/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://svn.reactos.org/reactos/trunk | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com/cupofocha | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr | false | | high
https://www.busybox.net/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://bit.ly/40qDtyF. | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://tortoisegit.org/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://kolibrios.org/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://winscp.net/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://rufus.ie). | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp | false | Avira URL Cloud: safe | low
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING: | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://sourceforge.net/projects/smartmontools | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://www.gnu.org/licenses/gpl-3.0.htmlD | rufus-4.4.exe, 0000000B.00000002.68346458769.00007FF6ED6B4000.00000004.00000001.01000000.00000006.sdmp, rufus-4.4.exe, 0000000B.00000000.68277865502.00007FF6ED6B4000.00000008.00000001.01000000.00000006.sdmp, Unconfirmed 379648.crdownload.0.dr | false | | high
https://github.com/weidai11/cryptopp/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
http://e2fsprogs.sourceforge.net/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://github.com/pbatard/rufus/issues | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://7-zip.org/openESPWarning: | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://www.gnupg.org/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
http://ms-sys.sourceforge.net/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://rufus.ie/Fido.ver | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com/SiderealArt | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr | false | | high
https://www.reactos.org/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://rufus.ieopen321Failed | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | Avira URL Cloud: safe | unknown
https://rufus.ieRufusRunning | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://rufus.ie/CheckForBetashttps://rufus.ieUsing | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://rufus.ie/ | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://sectigo.com/CPS0 | rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com/kokke/tiny-regex-c | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://rufus.ie | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Unconfirmed 379648.crdownload.0.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://halamix2.pl | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://www.gnu.org/software/wget | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://github.com/pbatard/rufus/wiki/FAQ#bsods-with-windows-to-go-drives-created-from-windows-10-18 | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
https://rufus.ie/files | rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://goo.gl/QTobxX.; | rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp | false | | high
                                                                  https://axialis.com/rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.freedos.org/rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                    high
                                                                    https://github.com/pbatard/bledrufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                      high
                                                                      https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txtrufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                        high
                                                                        https://syslinux.org/rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                        • 1%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://rufus.ie/files%s/%s-%s/%sGrub2%srufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://www.codeguru.com/forum/showthread.php?p=1951973rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                          high
                                                                          http://ocsp.sectigo.com0$rufus-4.4.exe, 0000000B.00000002.68342609287.0000026DEBE97000.00000004.00000020.00020000.00000000.sdmp, Unconfirmed 379648.crdownload.0.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          low
                                                                          https://github.com/pbatard/uefi-ntfs.rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                            high
                                                                            https://github.com/u-boot/u-bootrufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                              high
                                                                              https://github.com/pbatard/Fidorufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                high
                                                                                https://github.com/chenall/grub4dosrufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                  high
                                                                                  https://github.com/Chocobo1rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp, RufA552.tmp.11.drfalse
                                                                                    high
                                                                                    https://un.akeo.ierufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED5B4000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                      high
                                                                                      http://fsf.org/rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                        high
                                                                                        http://freedos.sourceforge.net/freecomrufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                          high
                                                                                          https://7-zip.org/rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                            high
                                                                                            https://goo.gl/QTobxX.rufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                              high
                                                                                              https://www.gnu.org/software/libcdiorufus-4.4.exe, rufus-4.4.exe, 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmpfalse
                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
140.82.113.3 | github.com | United States | 36459 | GITHUBUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.21.65.18 | therufus.org | United States | 13335 | CLOUDFLARENETUS | false
142.251.16.99 | www.google.com | United States | 15169 | GOOGLEUS | false
185.199.110.133 | objects.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
                                                                                                IP
                                                                                                192.168.11.20
                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                Analysis ID:1431972
                                                                                                Start date and time:2024-04-26 06:02:13 +02:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 6m 11s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:browseurl.jbs
                                                                                                Sample URL:https://therufus.org/download.php
                                                                                                Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                Run name:Potential for more IOCs and behavior
                                                                                                Number of analysed new started processes analysed:20
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Detection:MAL
                                                                                                Classification:mal52.spre.evad.win@35/6@6/6
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 100%
                                                                                                HCA Information:Failed
                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, CompPkgSrv.exe, svchost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 142.251.167.94, 172.253.63.84, 64.233.180.102, 64.233.180.100, 64.233.180.139, 64.233.180.101, 64.233.180.113, 64.233.180.138, 34.104.35.123, 142.250.31.94, 142.251.163.94, 142.251.16.94, 20.190.9.86, 23.222.201.247, 23.222.201.169, 52.143.80.209, 40.91.80.89
                                                                                                • Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, e12437.d.akamaiedge.net, geover.prod.do.dsp.mp.microsoft.com, geo.prod.do.dsp.trafficmanager.net, accounts.google.com, geo.prod.do.dsp.mp.microsoft.com, cp801.prod.do.dsp.mp.microsoft.com, clientservices.googleapis.com, cp801.prod.do.dsp.mp.microsoft.com.edgekey.net, disc801.prod.do.dsp.mp.microsoft.com, e10370.d.akamaiedge.net, disc801.prod.do.dsp.mp.microsoft.com.edgekey.net, clients2.google.com, array801.prod.do.dsp.mp.microsoft.com, edgedl.me.gvt1.com, array810.prod.do.dsp.mp.microsoft.com, update.googleapis.com, array805.prod.do.dsp.mp.microsoft.com, clients.l.google.com, www.gstatic.com, geover.prod.do.dsp.mp.microsoft.com.edgekey.net
                                                                                                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                No simulations
                                                                                                No context
                                                                                                Process:C:\Users\user\Downloads\rufus-4.4.exe
                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (555), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1110340
                                                                                                Entropy (8bit):6.377687204868055
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:6sOjPHrtqzy96KTFpNIu/1/VvjIWjzYRpoeJoiWzFhYnUt35IApsS3siHgi0Lcyt:6se96Kl7PjIQne2iWzFhYUt3qGGnj
                                                                                                MD5:F7204FBC5D78282AA1BF46EF1A806D46
                                                                                                SHA1:6C46D3EDE01A03CB6D1184C804E561187B4FBF70
                                                                                                SHA-256:8DDC928624AB5B4AFC2D26E27BD224959FF1318F9494372DF7780C4A95D3DB16
                                                                                                SHA-512:E9003D08F48BEC0CB115C816BE984745F939938A00308E4FBAAD60F9A3C227DDA2D858D0129157BC09D910DD041D0F8ECEA527959257DFE641A79975744C6437
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:l "en-US" "English (English)" 0x0409, 0x0809, 0x0c09, 0x1009, 0x1409, 0x1809, 0x1c09, 0x2009, 0x2409, 0x2809, 0x2c09, 0x3009, 0x3409, 0x3809, 0x3c09, 0x4009, 0x4409, 0x4809..v 3.22..t MSG_001 "Other instance detected"..t MSG_002 "Another Rufus application is running.\n"..."Please close the first application before running another one."..t MSG_003 "WARNING: ALL DATA ON DEVICE '%s' WILL BE DESTROYED.\n"..."To continue with this operation, click OK. To quit click CANCEL."..t MSG_004 "Rufus update policy"..t MSG_005 "Do you want to allow Rufus to check for application updates online?"..t MSG_006 "Close"..t MSG_007 "Cancel"..t MSG_008 "Yes"..t MSG_009 "No"..t MSG_010 "Bad blocks found"..t MSG_011 "Check completed: %d bad block(s) found\n"..." %d read error(s)\n %d write error(s)\n %d corruption error(s)"..t MSG_012 "%s\nA more detailed report can be found in:\n%s"..t MSG_013 "Disabled"..t MSG_014 "Daily"..t MSG_015 "Weekly"..t MSG_016 "Monthly"..t MSG_017 "Custom"..t MSG_018 "Your versio
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1432648
                                                                                                Entropy (8bit):7.97162156729447
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:wOyBSB04yZT5Z6iqUbVEMs6MrhXlPrBnr/TwcEgzXIdVWLpuL94q:XgZT5ZSU1fUhXhrBnbTbaAIt
                                                                                                MD5:7A4662BB7F331D2252F3D949657D821D
                                                                                                SHA1:AD53FDDFBCEAD7B3E6C322C0AAD8C4A826BD4967
                                                                                                SHA-256:42CDB16F6DD64C4FEC30C7A71960FE4D0015862C37E7B02C8DBA5C0D68384C74
                                                                                                SHA-512:A1D111FC91CD470D36BD4640884B3550C6A4035E8C5BC5176DC9F67AA2EF8BE6FC12956D0B351C272D8BB89646546DAC868B32D1D1985DEE86FFB6E971B14F3F
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                Reputation:low
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):16384
                                                                                                Entropy (8bit):7.952074021819274
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:Fiy8iU5mJNaQl8PR5zxZwLsJ8trqv7c9u5tiRpl:Fg88Ql81we7+eovl
                                                                                                MD5:A183D7113ABFD26EBC6870AABEB2A3D2
                                                                                                SHA1:07702037F633335B9F259137993C7072FF8532A9
                                                                                                SHA-256:4D821BBD48B527EDC1E7B788CD5424D46747117866A4C27D06E500F09814993B
                                                                                                SHA-512:4992D016773AE56B44C949C56EC84AB15B1648F9CE30E7D83FBD77333B1F255F4815710CA3654C70432A9D15AB8DDB259779F7C73F5EC674383E788258855A39
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Process:C:\Users\user\Downloads\rufus-4.4.exe
                                                                                                File Type:RAGE Package Format (RPF),
                                                                                                Category:dropped
                                                                                                Size (bytes):398
                                                                                                Entropy (8bit):3.28196439949633
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:CfEEaW+ANbV67GmFA+EEbEW+ojWr+feSbMltBOhme:wElANp67K+EncdeRtBu
                                                                                                MD5:4946398D5DBA961441333377D045E156
                                                                                                SHA1:050DA342B48580A5F780BF4E4A98FEE9624EDFA4
                                                                                                SHA-256:A011BC1C63779352610B61588500CF64E84F4C1AFF961CB6AADEA66E15F0C386
                                                                                                SHA-512:315A46300A9EE9DC448DE8F635465D1CB62286720FB89DF6EF95175DBF46F99E937E4563AC3357A95192D0FA009C9C6CD0EA5856F7BE21D06F41F15D09469531
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:PReg....[.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.P.o.l.i.c.i.e.s.\.E.x.p.l.o.r.e.r...;.N.o.D.r.i.v.e.T.y.p.e.A.u.t.o.r.u.n...;.....;.....;.....].[.S.o.f.t.w.a.r.e.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.r.o.t.e.c.t.i.o.n...;.D.i.s.a.b.l.e.R.e.a.l.t.i.m.e.M.o.n.i.t.o.r.i.n.g...;.....;.....;.....].
                                                                                                Process:C:\Users\user\Downloads\rufus-4.4.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):203
                                                                                                Entropy (8bit):4.729218757631926
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:1ELGUAgKLMzY+eWgTckbnnnVdO/ididid/V7WRERvI3o5a1gaEdpkSTtorFLsRov:1WsMzYHxbnnXO/GGG/W3o5Rnn3zy
                                                                                                MD5:0F35BDCD9B50950D25FD19017EB9B2E1
                                                                                                SHA1:C0DAD132E532240C4CC77FCB221C4762D65B6A0D
                                                                                                SHA-256:A48720ECD059CFF958590401B6942A93E3B9C20394194F283D3C4E4AED0A4A6F
                                                                                                SHA-512:E466E9ED763632063D07B85860B55F33A66C91DA28774AB8771911F99817D080226833284B5EAF9F7EDBEED982B1B675543C79FE1BC0433F2513D6B550D0DC90
                                                                                                Malicious:true
                                                                                                Reputation:low
                                                                                                Preview:[General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{00000000-0000-0000-0000-000000000000}{3D271CFC-2BC6-4AC2-B633-3BDFF5BDAB2A}{D02B1F72-3407-48AE-BA88-E8213C6761F1}]..Version=4..
                                                                                                No static file info
                                                                                                Icon Hash:b29a8a8e86868381
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                Apr 26, 2024 06:04:20.392826080 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.393048048 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.393223047 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.393233061 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.393532991 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.398475885 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.398514032 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.398652077 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.398809910 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.398833990 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.399127960 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.441406012 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.441426992 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.441725969 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.441736937 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.442091942 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.444998026 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.445152044 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.445154905 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.445312977 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.445323944 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.445524931 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.451183081 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.451220989 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.451500893 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.451510906 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.451581001 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.451658010 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.456245899 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.456293106 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.456461906 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.456471920 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.456538916 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.456693888 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.461460114 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.461478949 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.461625099 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.461685896 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.461685896 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.461693048 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.461869955 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.466123104 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.466140985 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.466404915 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.466413021 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.466614008 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.470417023 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.470434904 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.470591068 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.470659018 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.470659018 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.470665932 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.470838070 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.474797964 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.474816084 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.474989891 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.475035906 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.475042105 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.475128889 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.475274086 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.479059935 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.479077101 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.479305029 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.479314089 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.479397058 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.479543924 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.482836008 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.482852936 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.483175039 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.483184099 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.483411074 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.487142086 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.487159014 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.487466097 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.487473965 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.487651110 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.490789890 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.490807056 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.491018057 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.491018057 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.491040945 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.491143942 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.491247892 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.494083881 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.494102001 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.494335890 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.494343996 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.494473934 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.494580030 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.497419119 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.497437954 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.497597933 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.497644901 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.497665882 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.497826099 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.497876883 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.501070976 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.501089096 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.501302004 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.501308918 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.501351118 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.501429081 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.501518011 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.504285097 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.504302979 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.504533052 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.504601002 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.504607916 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.504820108 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.507451057 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.507468939 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.507668018 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.507675886 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.507734060 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.507858992 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.536750078 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.536771059 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.537069082 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.537080050 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.537406921 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.546308041 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.546349049 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.546502113 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.546502113 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.546514988 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.546601057 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.546821117 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.549880981 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.549901009 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.550069094 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.550069094 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.550193071 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.550203085 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.550421000 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.552731037 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.552751064 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.552962065 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.553047895 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.553057909 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.553308010 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.555392981 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.555409908 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.555607080 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.555607080 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.555619955 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.555742979 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.555892944 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.557979107 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.557996035 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.558255911 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.558267117 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.558325052 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.558481932 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.560729027 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.560745001 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.560904026 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.560920954 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.560928106 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.561042070 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.561206102 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.563141108 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.563153028 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.563473940 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.563498974 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.563810110 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.565967083 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.659652948 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.659672976 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.659986973 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.660537004 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.660551071 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.660741091 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.660834074 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.660856962 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.661109924 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.662035942 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.662050009 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.662296057 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.662306070 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.662375927 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.662477016 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.663188934 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.663203001 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.663433075 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.663443089 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.663611889 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.663705111 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.665210962 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.665222883 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.665415049 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.665426016 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.665569067 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.665713072 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.669847012 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.669859886 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.670144081 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.670166969 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.670346975 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.673592091 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.673608065 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.673825026 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.673825026 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.673837900 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.673950911 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.674015045 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.679152012 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.679167986 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.679332972 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.679408073 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.679419041 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.679495096 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.679651976 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.680586100 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.680600882 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.680825949 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.680836916 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.680978060 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.681085110 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.682121992 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.682137012 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.682307005 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.682399988 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.682424068 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.682614088 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.683247089 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.683262110 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.683607101 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.683617115 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.683788061 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.686397076 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.686413050 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.686604023 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.686628103 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.686635971 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.686801910 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.688009977 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.688024998 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.688222885 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.688251019 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.688338995 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.688508034 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.792999983 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.793013096 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.793067932 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.793171883 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.793312073 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.793375015 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.793533087 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.793730021 CEST61436443192.168.11.20185.199.110.133
                                                                                                Apr 26, 2024 06:04:20.793742895 CEST44361436185.199.110.133192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.868091106 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.868464947 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.868469000 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.869220972 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.869602919 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.869613886 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.869621992 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.869801044 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.870620966 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.870779037 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.871129036 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.871228933 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.871741056 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.871828079 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.911339045 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.911346912 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.911376953 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.911385059 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:20.957148075 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:20.957149982 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:30.890014887 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:30.890070915 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:30.890260935 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:30.933490038 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:30.933525085 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:30.933653116 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:32.058577061 CEST61836443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:32.058593988 CEST44361836142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:32.058598995 CEST50820443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:04:32.058610916 CEST44350820142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:04:33.334516048 CEST44354944104.21.65.18192.168.11.20
                                                                                                Apr 26, 2024 06:04:33.334590912 CEST44354944104.21.65.18192.168.11.20
                                                                                                Apr 26, 2024 06:04:33.334688902 CEST54944443192.168.11.20104.21.65.18
                                                                                                Apr 26, 2024 06:04:34.339009047 CEST54944443192.168.11.20104.21.65.18
                                                                                                Apr 26, 2024 06:04:34.339035034 CEST44354944104.21.65.18192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.600831985 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.600855112 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.600979090 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.600994110 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.601035118 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.601109028 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.601214886 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.601223946 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.601301908 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.601315975 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.815869093 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.816121101 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.816215038 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.816232920 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.816422939 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.816451073 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.817137003 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.817295074 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.817564011 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.817735910 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.817799091 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.817965984 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:20.859355927 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:20.859416008 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:30.815655947 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:30.815705061 CEST44358808142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:30.815913916 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:30.846848011 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:30.846915007 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:30.847043991 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:33.806406021 CEST49874443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:33.806408882 CEST58808443192.168.11.20142.251.16.99
                                                                                                Apr 26, 2024 06:05:33.806420088 CEST44349874142.251.16.99192.168.11.20
                                                                                                Apr 26, 2024 06:05:33.806427956 CEST44358808142.251.16.99192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 26, 2024 06:04:17.863023043 CEST | 192.168.11.20 | 1.1.1.1 | 0xe830 | Standard query (0) | therufus.org | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.018949986 CEST | 192.168.11.20 | 1.1.1.1 | 0x3e41 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.566278934 CEST | 192.168.11.20 | 1.1.1.1 | 0x8836 | Standard query (0) | objects.githubusercontent.com | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.549681902 CEST | 192.168.11.20 | 1.1.1.1 | 0x4c0f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.293328047 CEST | 192.168.11.20 | 1.1.1.1 | 0x959f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.242485046 CEST | 192.168.11.20 | 1.1.1.1 | 0x3a5e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 26, 2024 06:04:18.134624004 CEST | 1.1.1.1 | 192.168.11.20 | 0xe830 | No error (0) | therufus.org |  | 104.21.65.18 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:18.134624004 CEST | 1.1.1.1 | 192.168.11.20 | 0xe830 | No error (0) | therufus.org |  | 172.67.139.94 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.118181944 CEST | 1.1.1.1 | 192.168.11.20 | 0x3e41 | No error (0) | github.com |  | 140.82.113.3 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.666090965 CEST | 1.1.1.1 | 192.168.11.20 | 0x8836 | No error (0) | objects.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.666090965 CEST | 1.1.1.1 | 192.168.11.20 | 0x8836 | No error (0) | objects.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.666090965 CEST | 1.1.1.1 | 192.168.11.20 | 0x8836 | No error (0) | objects.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:19.666090965 CEST | 1.1.1.1 | 192.168.11.20 | 0x8836 | No error (0) | objects.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.649545908 CEST | 1.1.1.1 | 192.168.11.20 | 0x4c0f | No error (0) | www.google.com |  | 142.251.16.99 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.649545908 CEST | 1.1.1.1 | 192.168.11.20 | 0x4c0f | No error (0) | www.google.com |  | 142.251.16.147 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.649545908 CEST | 1.1.1.1 | 192.168.11.20 | 0x4c0f | No error (0) | www.google.com |  | 142.251.16.104 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.649545908 CEST | 1.1.1.1 | 192.168.11.20 | 0x4c0f | No error (0) | www.google.com |  | 142.251.16.106 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.649545908 CEST | 1.1.1.1 | 192.168.11.20 | 0x4c0f | No error (0) | www.google.com |  | 142.251.16.103 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:20.649545908 CEST | 1.1.1.1 | 192.168.11.20 | 0x4c0f | No error (0) | www.google.com |  | 142.251.16.105 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.392756939 CEST | 1.1.1.1 | 192.168.11.20 | 0x959f | No error (0) | www.google.com |  | 172.253.122.105 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.392756939 CEST | 1.1.1.1 | 192.168.11.20 | 0x959f | No error (0) | www.google.com |  | 172.253.122.99 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.392756939 CEST | 1.1.1.1 | 192.168.11.20 | 0x959f | No error (0) | www.google.com |  | 172.253.122.147 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.392756939 CEST | 1.1.1.1 | 192.168.11.20 | 0x959f | No error (0) | www.google.com |  | 172.253.122.106 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.392756939 CEST | 1.1.1.1 | 192.168.11.20 | 0x959f | No error (0) | www.google.com |  | 172.253.122.103 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:42.392756939 CEST | 1.1.1.1 | 192.168.11.20 | 0x959f | No error (0) | www.google.com |  | 172.253.122.104 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.341895103 CEST | 1.1.1.1 | 192.168.11.20 | 0x3a5e | No error (0) | www.google.com |  | 172.253.115.99 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.341895103 CEST | 1.1.1.1 | 192.168.11.20 | 0x3a5e | No error (0) | www.google.com |  | 172.253.115.103 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.341895103 CEST | 1.1.1.1 | 192.168.11.20 | 0x3a5e | No error (0) | www.google.com |  | 172.253.115.104 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.341895103 CEST | 1.1.1.1 | 192.168.11.20 | 0x3a5e | No error (0) | www.google.com |  | 172.253.115.106 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.341895103 CEST | 1.1.1.1 | 192.168.11.20 | 0x3a5e | No error (0) | www.google.com |  | 172.253.115.105 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 06:04:58.341895103 CEST | 1.1.1.1 | 192.168.11.20 | 0x3a5e | No error (0) | www.google.com |  | 172.253.115.147 | A (IP address) | IN (0x0001) | false
                                                                                                • spclient.wg.spotify.com
                                                                                                • therufus.org
                                                                                                • github.com
                                                                                                • objects.githubusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.11.20 | 50257 | 35.186.224.25 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 04:04:15 UTC | 146 | OUT | GET /v1/live-tile-xml?region=GB&language=en-US HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                User-Agent: Microsoft-WNS/10.0
                                                                                                Host: spclient.wg.spotify.com
2024-04-26 04:04:15 UTC | 985 | IN | HTTP/1.1 200 OK
                                                                                                content-type: text/xml; charset=utf-8
                                                                                                cache-control: private, max-age=0
                                                                                                access-control-allow-origin: *
                                                                                                access-control-allow-headers: Accept, App-Platform, Authorization, client-token, content-access-token, Content-Type, Origin, Retry-After, SPA-Preferred-Publisher, Spotify-App, Spotify-App-Version, spotify-org-uri, X-ClientAttribute-Version, X-Client-Id, x-cloud-trace-context, X-Cloud-Trace-Context, X-Geo-Country, X-Installation-Id, X-Spotify-Additional-Idp, X-Spotify-Connection-Id, X-Spotify-Quicksilver-Uri, x-twitch-jwt
                                                                                                access-control-allow-methods: POST, GET, OPTIONS, PUT, HEAD, DELETE, PATCH
                                                                                                access-control-allow-credentials: true
                                                                                                access-control-max-age: 604800
                                                                                                Content-Length: 1160
                                                                                                strict-transport-security: max-age=31536000
                                                                                                x-content-type-options: nosniff
                                                                                                vary: Accept-Encoding
                                                                                                date: Fri, 26 Apr 2024 04:04:15 GMT
                                                                                                server: envoy
                                                                                                Via: HTTP/2 edgeproxy, 1.1 google
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close
2024-04-26 04:04:15 UTC | 1160 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><tile> <visual> <binding template="TileMedium" branding="nameAndLogo" hint-textStacking="center"> <text hint-style="caption" hint-wrap="true">Play music you love. No credit cards.</text>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49316 | 104.21.65.18 | 443 | 1992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 04:04:18 UTC | 670 | OUT | GET /download.php HTTP/1.1
                                                                                                Host: therufus.org
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-User: ?1
                                                                                                Sec-Fetch-Dest: document
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-26 04:04:19 UTC | 971 | IN | HTTP/1.1 302 Found
                                                                                                Date: Fri, 26 Apr 2024 04:04:18 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Access-Control-Allow-Credentials: true
                                                                                                Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
                                                                                                Access-Control-Max-Age: 1000
                                                                                                Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token , Authorization
                                                                                                Location: https://github.com/pbatard/rufus/releases/download/v4.4/rufus-4.4.exe
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=feYgYL5wb3tFjwYB%2BRtGeA4HHQrHBjZN689SrZ%2Bleihi2%2FWSKbJYcsaLtc8cIop4u0bln%2FurWIbsK2qg%2FObqd1TzURietypcm7lwjawX4rzC7%2FpgABBRySlAbMgt1JA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a3b01fca325a04-IAD
                                                                                                alt-svc: h3=":443"; ma=86400
2024-04-26 04:04:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 50525 | 140.82.113.3 | 443 | 1992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 04:04:19 UTC | 706 | OUT | GET /pbatard/rufus/releases/download/v4.4/rufus-4.4.exe HTTP/1.1
                                                                                                Host: github.com
                                                                                                Connection: keep-alive
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-User: ?1
                                                                                                Sec-Fetch-Dest: document
                                                                                                sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-26 04:04:19 UTC | 992 | IN | HTTP/1.1 302 Found
                                                                                                Server: GitHub.com
                                                                                                Date: Fri, 26 Apr 2024 04:04:19 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2810292/86098259-c57e-4f5d-acc1-ae1e048249df?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240426%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240426T040419Z&X-Amz-Expires=300&X-Amz-Signature=0a2156a5ca26c205fdafcce2ab334e233c3be06af637278db1f2ef1ee5c54c27&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2810292&response-content-disposition=attachment%3B%20filename%3Drufus-4.4.exe&response-content-type=application%2Foctet-stream
                                                                                                Cache-Control: no-cache
                                                                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                X-Frame-Options: deny
                                                                                                X-Content-Type-Options: nosniff
                                                                                                X-XSS-Protection: 0
                                                                                                Referrer-Policy: no-referrer-when-downgrade
2024-04-26 04:04:19 UTC | 2944 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 61436 | 185.199.110.133 | 443 | 1992 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 04:04:19 UTC | 1179 | OUT | GET /github-production-release-asset-2e65be/2810292/86098259-c57e-4f5d-acc1-ae1e048249df?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240426%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240426T040419Z&X-Amz-Expires=300&X-Amz-Signature=0a2156a5ca26c205fdafcce2ab334e233c3be06af637278db1f2ef1ee5c54c27&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=2810292&response-content-disposition=attachment%3B%20filename%3Drufus-4.4.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                                Host: objects.githubusercontent.com
                                                                                                Connection: keep-alive
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-User: ?1
                                                                                                Sec-Fetch-Dest: document
                                                                                                sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-26 04:04:20 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                Connection: close
                                                                                                Content-Length: 1432648
                                                                                                Content-Type: application/octet-stream
                                                                                                Content-MD5: ekZiu38zHSJS89lJZX2CHQ==
                                                                                                Last-Modified: Wed, 17 Jan 2024 14:44:03 GMT
                                                                                                ETag: "0x8DC176ABFBB34C4"
                                                                                                Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                x-ms-request-id: 33c9eab2-601e-0071-1753-49077e000000
                                                                                                x-ms-version: 2020-10-02
                                                                                                x-ms-creation-time: Wed, 17 Jan 2024 14:44:03 GMT
                                                                                                x-ms-lease-status: unlocked
                                                                                                x-ms-lease-state: available
                                                                                                x-ms-blob-type: BlockBlob
                                                                                                Content-Disposition: attachment; filename=rufus-4.4.exe
                                                                                                x-ms-server-encrypted: true
                                                                                                Via: 1.1 varnish, 1.1 varnish
                                                                                                Accept-Ranges: bytes
                                                                                                Date: Fri, 26 Apr 2024 04:04:20 GMT
                                                                                                Age: 3592
                                                                                                X-Served-By: cache-iad-kjyo7100169-IAD, cache-ewr18143-EWR
                                                                                                X-Cache: HIT, HIT
                                                                                                X-Cache-Hits: 96102, 1
                                                                                                X-Timer: S1714104260.037882,VS0,VE39
                                                                                                2024-04-26 04:04:20 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 03 00 3a e1 a7 65 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 29 00 10 15 00 00 b0 00 00 00 20 28 00 70 32 3d 00 00 30 28 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 f0 3d 00 00 02 00 00 f8 ac 16 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd:e.) (p2=0(@=`



                                                                                                Target ID:0
                                                                                                Start time:06:04:14
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                                                Imagebase:0x7ff6ed5d0000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Target ID:2
                                                                                                Start time:06:04:15
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
                                                                                                Imagebase:0x7ff6ed5d0000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Target ID:4
                                                                                                Start time:06:04:17
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://therufus.org/download.php"
                                                                                                Imagebase:0x7ff6ed5d0000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:6
                                                                                                Start time:06:04:19
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3444 /prefetch:8
                                                                                                Imagebase:0x7ff6ed5d0000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:7
                                                                                                Start time:06:04:19
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2948 /prefetch:8
                                                                                                Imagebase:0x7ff6ed5d0000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:8
                                                                                                Start time:06:04:24
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6864 /prefetch:8
                                                                                                Imagebase:0x7ff758f00000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:9
                                                                                                Start time:06:04:24
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1676,4732492817931774946,1826627398002605485,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 /prefetch:8
                                                                                                Imagebase:0x7ff6ed5d0000
                                                                                                File size:2'509'656 bytes
                                                                                                MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:11
                                                                                                Start time:06:05:34
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Users\user\Downloads\rufus-4.4.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Users\user\Downloads\rufus-4.4.exe"
                                                                                                Imagebase:0x7ff6ed2e0000
                                                                                                File size:1'432'648 bytes
                                                                                                MD5 hash:7A4662BB7F331D2252F3D949657D821D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Target ID:12
                                                                                                Start time:06:05:34
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\vdsldr.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\vdsldr.exe -Embedding
                                                                                                Imagebase:0x7ff63f930000
                                                                                                File size:27'136 bytes
                                                                                                MD5 hash:3CFFFEE43D8B6FEC842423BBF731F35A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:13
                                                                                                Start time:06:05:34
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\vds.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\System32\vds.exe
                                                                                                Imagebase:0x7ff78efa0000
                                                                                                File size:675'840 bytes
                                                                                                MD5 hash:D28FB8A8DD61CFA35B6DE838E0A3978A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:false


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:2.2%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:20.9%
                                                                                                  Total number of Nodes:631
                                                                                                  Total number of Limit Nodes:18
7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29741->29852 29742->29740 29748 7ff6ed2e47b0 29742->29748 29746->29748 29752 7ff6ed2e479a strlen 29746->29752 29854 7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29746->29854 29749 7ff6ed2e47ce 29748->29749 29855 7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29748->29855 29756 7ff6ed2e4809 29749->29756 29856 7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29749->29856 29752->29748 29753 7ff6ed2e485e 29761 7ff6ed2e487c 29753->29761 29858 7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29753->29858 29755 7ff6ed2e483d strlen 29755->29753 29775 7ff6ed2e48c5 29755->29775 29756->29753 29756->29755 29857 7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29756->29857 29758 7ff6ed2e4d1d 29761->29758 29762 7ff6ed2e48b3 strlen 29761->29762 29859 7ff6ed2fe531 _snprintf strlen strncat strlen strncat 29761->29859 29762->29775 29764 7ff6ed2e49bb toupper 29767 7ff6ed2e49f8 ??3@YAXPEAX 29764->29767 29768 7ff6ed318339 9 API calls 29764->29768 29766 7ff6ed2e49b7 29766->29764 29769 7ff6ed2e4a00 29766->29769 29767->29769 29768->29767 29839 7ff6ed318c32 29769->29839 29770 7ff6ed2e4930 strlen strlen strncat 29860 7ff6ed2e20e3 8 API calls 29770->29860 29771 7ff6ed2e48fc strlen strncat 29771->29770 29775->29764 29775->29766 29775->29770 29775->29771 29861 7ff6ed2e20e3 8 API calls 29775->29861 29776 7ff6ed2e4a80 _mbsdup _mbsdup 29778 7ff6ed2e4ac4 _mbsdup 29776->29778 29779 7ff6ed2e4acd 29776->29779 29778->29779 29780 7ff6ed2e4ae3 _mbsdup 29779->29780 29781 7ff6ed2e4aec 29779->29781 29780->29781 29782 7ff6ed2e4b05 _mbsdup 29781->29782 29783 7ff6ed2e4b1c 29781->29783 29782->29783 29784 7ff6ed2e4b38 ??3@YAXPEAX 29783->29784 29785 7ff6ed318339 9 API calls 29783->29785 29786 7ff6ed2e4b52 29784->29786 29787 7ff6ed2e3444 SetupDiEnumDeviceInfo 29784->29787 29785->29784 29789 7ff6ed2e4b5c SetupDiDestroyDeviceInfoList 29786->29789 29788 7ff6ed2e346e SetupDiGetDeviceRegistryPropertyA 29787->29788 29787->29789 29790 
7ff6ed2e34fe _strcmpi 29788->29790 29815 7ff6ed2e34e1 29788->29815 29821 7ff6ed2e4b7c 29789->29821 29791 7ff6ed2e34f5 29790->29791 29792 7ff6ed2e3528 29790->29792 29791->29790 29791->29792 29793 7ff6ed2e3532 _strcmpi 29792->29793 29800 7ff6ed2e3571 SetupDiGetDeviceRegistryPropertyA 29792->29800 29793->29792 29794 7ff6ed2e4c97 IsDlgButtonChecked 29796 7ff6ed2e4cb5 IsDlgButtonChecked 29794->29796 29797 7ff6ed2e4cb1 29794->29797 29795 7ff6ed2e427b ??3@YAXPEAX SetupDiEnumDeviceInterfaces 29801 7ff6ed2e42af GetLastError 29795->29801 29802 7ff6ed2e42e1 SetupDiGetDeviceInterfaceDetailA 29795->29802 29796->29797 29810 7ff6ed2e4ccb IsDlgButtonChecked 29796->29810 29803 7ff6ed2e4ce8 IsDlgButtonChecked IsDlgButtonChecked 29797->29803 29798 7ff6ed318339 9 API calls 29805 7ff6ed2e42d0 29798->29805 29816 7ff6ed2e367b SetupDiGetDeviceInstanceIdA 29800->29816 29808 7ff6ed2e42bc 29801->29808 29801->29815 29807 7ff6ed2e4313 GetLastError 29802->29807 29802->29815 29811 7ff6ed2e4d24 GetDlgItem IsDlgButtonChecked ??3@YAXPEAX 29803->29811 29806 7ff6ed2e4c20 IsDlgButtonChecked GetLastError 29812 7ff6ed2e4c54 SetLastError IsDlgButtonChecked 29806->29812 29813 7ff6ed2e4c4c ??3@YAXPEAX 29806->29813 29814 7ff6ed2e431e _calloc_dbg 29807->29814 29807->29815 29808->29798 29810->29796 29810->29803 29865 7ff6ed316d05 ??3@YAXPEAX ??3@YAXPEAX 29811->29865 29863 7ff6ed31b9b1 13 API calls 29812->29863 29813->29812 29814->29815 29819 7ff6ed2e4347 SetupDiGetDeviceInterfaceDetailA 29814->29819 29815->29795 29815->29802 29815->29808 29825 7ff6ed318339 9 API calls 29815->29825 29828 7ff6ed2e37ea SetupDiGetDeviceRegistryPropertyA 29816->29828 29819->29815 29820 7ff6ed2e43b0 CreateFileA 29819->29820 29826 7ff6ed2e4407 29820->29826 29821->29794 29862 7ff6ed2e2036 MultiByteToWideChar _calloc_dbg MultiByteToWideChar ??3@YAXPEAX 29821->29862 29864 7ff6ed31b9b1 13 API calls 29821->29864 29822 7ff6ed2e4d65 29866 7ff6ed315d4e ??3@YAXPEAX ??3@YAXPEAX 29822->29866 29825->29815 29850 7ff6ed2e9114 11 API calls 
29826->29850 29827 7ff6ed2e4d72 29831 7ff6ed2e3840 29828->29831 29833 7ff6ed2e2124 6 API calls 29831->29833 29832 7ff6ed2e4414 CloseHandle 29832->29815 29834 7ff6ed2e4429 29832->29834 29835 7ff6ed2e386d 29833->29835 29834->29815 29836 7ff6ed2e3f7a strstr 29835->29836 29838 7ff6ed2e3fdd 29835->29838 29836->29838 29837 7ff6ed318339 9 API calls 29837->29815 29838->29837 29840 7ff6ed318c57 29839->29840 29841 7ff6ed318cc7 29840->29841 29842 7ff6ed318ccd _snprintf 29840->29842 29844 7ff6ed318e2a 29841->29844 29845 7ff6ed318d2a 29841->29845 29843 7ff6ed2e4a23 strlen _snprintf 29842->29843 29843->29776 29848 7ff6ed318e37 _snprintf 29844->29848 29846 7ff6ed318daa _snprintf 29845->29846 29847 7ff6ed318d40 29845->29847 29846->29843 29849 7ff6ed318d56 _snprintf 29847->29849 29848->29843 29849->29843 29850->29832 29851->29741 29852->29742 29853->29746 29854->29752 29855->29749 29856->29756 29857->29755 29858->29761 29859->29762 29860->29775 29861->29775 29862->29806 29863->29821 29864->29821 29865->29822 29866->29827 30214 7ff6ed34e510 _mbscpy CreateFileA GetLastError CloseHandle 30217 7ff6ed2e88d0 19 API calls 30221 7ff6ed2f86c2 memcmp 30223 7ff6ed2e90bb 46 API calls 30227 7ff6ed2e8530 12 API calls 30228 7ff6ed2e9f31 12 API calls 30230 7ff6ed2e1931 12 API calls 30232 7ff6ed2e9d2d DeviceIoControl CloseHandle 30241 7ff6ed2ecade 13 API calls 30242 7ff6ed2e5b1a 54 API calls 30243 7ff6ed2e971b 24 API calls 30246 7ff6ed2ee719 SetLastError 30251 7ff6ed2e350a 31 API calls 30253 7ff6ed2e7b0d CreateFileA DeviceIoControl CloseHandle 29871 7ff6ed3170e1 FindResourceA 29872 7ff6ed31711d LoadResource 29871->29872 29877 7ff6ed317109 29871->29877 29873 7ff6ed31714f SizeofResource 29872->29873 29872->29877 29874 7ff6ed317167 _calloc_dbg 29873->29874 29875 7ff6ed3171d3 LockResource 29873->29875 29879 7ff6ed31718b 29874->29879 29880 7ff6ed31719c LockResource 29874->29880 29883 7ff6ed317148 29875->29883 29878 7ff6ed318339 9 API calls 29877->29878 29878->29883 29881 7ff6ed318339 9 API calls 
29879->29881 29882 7ff6ed3171bc 29880->29882 29880->29883 29881->29883 29884 7ff6ed318339 9 API calls 29882->29884 29884->29883 30256 7ff6ed2ebf05 85 API calls 30265 7ff6ed32b17d 179 API calls 30268 7ff6ed2ea96e 131 API calls 30269 7ff6ed2e396b 31 API calls 30276 7ff6ed2e235a 21 API calls 30277 7ff6ed34238f 26 API calls 30278 7ff6ed2e4f57 85 API calls 30282 7ff6ed2ecf55 13 API calls 30284 7ff6ed2ecb51 10 API calls 30285 7ff6ed34dda3 8 API calls 30287 7ff6ed2ed54a 10 API calls 29885 7ff6ed2e2d47 29886 7ff6ed2e2d63 SetupDiEnumDeviceInterfaces 29885->29886 29887 7ff6ed2e2d55 29885->29887 29889 7ff6ed2e2d2f SetupDiEnumDeviceInfo 29886->29889 29890 7ff6ed2e2d97 SetupDiGetDeviceInterfaceDetailA 29886->29890 29888 7ff6ed318339 9 API calls 29887->29888 29888->29886 29889->29885 29891 7ff6ed2e2d0b SetupDiDestroyDeviceInfoList 29889->29891 29890->29889 29892 7ff6ed2e2dcc GetLastError 29890->29892 29893 7ff6ed2e2f92 ??3@YAXPEAX 29891->29893 29892->29889 29894 7ff6ed2e2ddb _calloc_dbg 29892->29894 29895 7ff6ed2e2fb8 strcmp 29893->29895 29894->29889 29896 7ff6ed2e2dfc SetupDiGetDeviceInterfaceDetailA 29894->29896 29899 7ff6ed2e2fe7 29895->29899 29897 7ff6ed2e2e33 00007FF931A72C70 29896->29897 29898 7ff6ed2e2e26 ??3@YAXPEAX 29896->29898 29897->29898 29931 7ff6ed2e2e52 29897->29931 29898->29889 29899->29895 29901 7ff6ed2e300c 29899->29901 29900 7ff6ed316bd8 12 API calls 29900->29931 29902 7ff6ed2e3020 strcmp 29901->29902 29902->29902 29912 7ff6ed2e304d 29902->29912 29903 7ff6ed2e3062 _snprintf 29904 7ff6ed2e308e 29903->29904 29905 7ff6ed2e30c6 strlen 29903->29905 29905->29912 29906 7ff6ed2e3196 RegOpenKeyExA 29908 7ff6ed2e31d3 RegCreateKeyExA 29906->29908 29907 7ff6ed2e312c strlen RegOpenKeyExA 29910 7ff6ed2e3225 RegQueryValueExA 29907->29910 29907->29912 29908->29912 29909 7ff6ed315dae 15 API calls 29909->29931 29910->29912 29911 7ff6ed2e326a RegCloseKey 29911->29912 29912->29903 29912->29906 29912->29907 29912->29911 29913 7ff6ed2e327d RegCloseKey 29912->29913 29915 
7ff6ed2e329f 29912->29915 29913->29912 29914 7ff6ed318339 9 API calls 29914->29931 29916 7ff6ed2e32e0 _wassert 29915->29916 29917 7ff6ed2e32e6 29915->29917 29916->29917 29918 7ff6ed2e32ef _malloc_dbg 29917->29918 29919 7ff6ed2e33ee 29917->29919 29921 7ff6ed2e3316 29918->29921 29922 7ff6ed2e3306 29918->29922 29920 7ff6ed2e33f1 SetupDiGetClassDevsA 29919->29920 29924 7ff6ed2e3413 29920->29924 29925 7ff6ed2e342c SetupDiEnumDeviceInfo 29920->29925 29923 7ff6ed318339 9 API calls 29921->29923 29922->29920 29928 7ff6ed2e3427 29922->29928 29948 7ff6ed318339 9 API calls 29922->29948 29965 7ff6ed318339 9 API calls 29922->29965 29923->29922 29932 7ff6ed318339 9 API calls 29924->29932 29929 7ff6ed2e346e SetupDiGetDeviceRegistryPropertyA 29925->29929 29930 7ff6ed2e4b5c SetupDiDestroyDeviceInfoList 29925->29930 29927 7ff6ed2e2000 strlen toupper 29927->29931 29934 7ff6ed2e4d24 GetDlgItem IsDlgButtonChecked ??3@YAXPEAX 29928->29934 29933 7ff6ed2e34fe _strcmpi 29929->29933 29971 7ff6ed2e34e1 29929->29971 29968 7ff6ed2e4b7c 29930->29968 29931->29898 29931->29900 29931->29909 29931->29914 29931->29927 29932->29928 29935 7ff6ed2e34f5 29933->29935 29941 7ff6ed2e3528 29933->29941 29988 7ff6ed316d05 ??3@YAXPEAX ??3@YAXPEAX 29934->29988 29935->29933 29935->29941 29937 7ff6ed2e3532 _strcmpi 29937->29941 29938 7ff6ed2e4d65 29989 7ff6ed315d4e ??3@YAXPEAX ??3@YAXPEAX 29938->29989 29940 7ff6ed2e4c97 IsDlgButtonChecked 29944 7ff6ed2e4cb5 IsDlgButtonChecked 29940->29944 29945 7ff6ed2e4cb1 29940->29945 29941->29937 29949 7ff6ed2e3571 29941->29949 29942 7ff6ed2e427b ??3@YAXPEAX SetupDiEnumDeviceInterfaces 29950 7ff6ed2e42af GetLastError 29942->29950 29951 7ff6ed2e42e1 SetupDiGetDeviceInterfaceDetailA 29942->29951 29943 7ff6ed2e4d72 29944->29945 29958 7ff6ed2e4ccb IsDlgButtonChecked 29944->29958 29952 7ff6ed2e4ce8 IsDlgButtonChecked IsDlgButtonChecked 29945->29952 29946 7ff6ed318339 9 API calls 29955 7ff6ed2e42d0 29946->29955 29948->29922 29959 7ff6ed2e35b4 SetupDiGetDeviceRegistryPropertyA 
29949->29959 29954 7ff6ed2e42bc 29950->29954 29950->29971 29957 7ff6ed2e4313 GetLastError 29951->29957 29951->29971 29952->29934 29954->29946 29956 7ff6ed2e4c20 IsDlgButtonChecked GetLastError 29960 7ff6ed2e4c54 SetLastError IsDlgButtonChecked 29956->29960 29961 7ff6ed2e4c4c ??3@YAXPEAX 29956->29961 29962 7ff6ed2e431e _calloc_dbg 29957->29962 29957->29971 29958->29944 29958->29952 29963 7ff6ed2e367b SetupDiGetDeviceInstanceIdA 29959->29963 29986 7ff6ed31b9b1 13 API calls 29960->29986 29961->29960 29966 7ff6ed2e4347 SetupDiGetDeviceInterfaceDetailA 29962->29966 29962->29971 29975 7ff6ed2e37ea SetupDiGetDeviceRegistryPropertyA 29963->29975 29969 7ff6ed2e33a8 strlen 29965->29969 29967 7ff6ed2e43b0 CreateFileA 29966->29967 29966->29971 29972 7ff6ed2e4407 29967->29972 29968->29940 29985 7ff6ed2e2036 MultiByteToWideChar _calloc_dbg MultiByteToWideChar ??3@YAXPEAX 29968->29985 29987 7ff6ed31b9b1 13 API calls 29968->29987 29969->29922 29970 7ff6ed318339 9 API calls 29970->29971 29971->29942 29971->29951 29971->29954 29971->29970 29984 7ff6ed2e9114 11 API calls 29972->29984 29978 7ff6ed2e3840 29975->29978 29977 7ff6ed2e4414 CloseHandle 29977->29971 29979 7ff6ed2e2124 6 API calls 29978->29979 29980 7ff6ed2e386d 29979->29980 29981 7ff6ed2e3f7a strstr 29980->29981 29983 7ff6ed2e3fdd 29980->29983 29981->29983 29982 7ff6ed318339 9 API calls 29982->29971 29983->29982 29984->29977 29985->29956 29986->29968 29987->29968 29988->29938 29989->29943 30291 7ff6ed2f1b40 _snprintf SetLastError _snprintf 30295 7ff6ed2e553c 78 API calls 29998 7ff6ed2e2b39 IsDlgButtonChecked 30089 7ff6ed2e2ad1 29998->30089 30003 7ff6ed316bd8 12 API calls 30004 7ff6ed2e2c9f _malloc_dbg 30003->30004 30005 7ff6ed2e2ccf SetupDiGetClassDevsA 30004->30005 30006 7ff6ed2e3427 30004->30006 30007 7ff6ed2e2f92 ??3@YAXPEAX 30005->30007 30008 7ff6ed2e4d24 GetDlgItem IsDlgButtonChecked ??3@YAXPEAX 30006->30008 30009 7ff6ed2e2fb8 strcmp 30007->30009 30100 7ff6ed316d05 ??3@YAXPEAX ??3@YAXPEAX 30008->30100 30013 7ff6ed2e2fe7 
30009->30013 30011 7ff6ed2e4d65 30101 7ff6ed315d4e ??3@YAXPEAX ??3@YAXPEAX 30011->30101 30013->30009 30015 7ff6ed2e300c 30013->30015 30014 7ff6ed2e4d72 30016 7ff6ed2e3020 strcmp 30015->30016 30016->30016 30025 7ff6ed2e304d 30016->30025 30017 7ff6ed2e3062 _snprintf 30018 7ff6ed2e308e 30017->30018 30019 7ff6ed2e30c6 strlen 30017->30019 30019->30025 30020 7ff6ed2e3196 RegOpenKeyExA 30022 7ff6ed2e31d3 RegCreateKeyExA 30020->30022 30021 7ff6ed2e312c strlen RegOpenKeyExA 30023 7ff6ed2e3225 RegQueryValueExA 30021->30023 30021->30025 30022->30025 30023->30025 30024 7ff6ed2e326a RegCloseKey 30024->30025 30025->30017 30025->30020 30025->30021 30025->30024 30026 7ff6ed2e327d RegCloseKey 30025->30026 30027 7ff6ed2e329f 30025->30027 30026->30025 30028 7ff6ed2e32e0 _wassert 30027->30028 30029 7ff6ed2e32e6 30027->30029 30028->30029 30030 7ff6ed2e32ef _malloc_dbg 30029->30030 30031 7ff6ed2e33ee 30029->30031 30033 7ff6ed2e3316 30030->30033 30045 7ff6ed2e3306 30030->30045 30032 7ff6ed2e33f1 SetupDiGetClassDevsA 30031->30032 30035 7ff6ed2e3413 30032->30035 30036 7ff6ed2e342c SetupDiEnumDeviceInfo 30032->30036 30034 7ff6ed318339 9 API calls 30033->30034 30034->30045 30040 7ff6ed318339 9 API calls 30035->30040 30038 7ff6ed2e346e SetupDiGetDeviceRegistryPropertyA 30036->30038 30039 7ff6ed2e4b5c SetupDiDestroyDeviceInfoList 30036->30039 30041 7ff6ed2e34fe _strcmpi 30038->30041 30058 7ff6ed2e34e1 30038->30058 30046 7ff6ed2e4b7c 30039->30046 30040->30006 30042 7ff6ed2e34f5 30041->30042 30043 7ff6ed2e3528 30041->30043 30042->30041 30042->30043 30044 7ff6ed2e3532 _strcmpi 30043->30044 30053 7ff6ed2e3571 SetupDiGetDeviceRegistryPropertyA 30043->30053 30044->30043 30045->30006 30045->30032 30052 7ff6ed318339 9 API calls 30045->30052 30071 7ff6ed318339 9 API calls 30045->30071 30047 7ff6ed2e4c97 IsDlgButtonChecked 30046->30047 30097 7ff6ed2e2036 MultiByteToWideChar _calloc_dbg MultiByteToWideChar ??3@YAXPEAX 30046->30097 30099 7ff6ed31b9b1 13 API calls 30046->30099 30049 7ff6ed2e4cb1 
30047->30049 30067 7ff6ed2e4cb5 IsDlgButtonChecked 30047->30067 30048 7ff6ed2e427b ??3@YAXPEAX SetupDiEnumDeviceInterfaces 30054 7ff6ed2e42af GetLastError 30048->30054 30055 7ff6ed2e42e1 SetupDiGetDeviceInterfaceDetailA 30048->30055 30056 7ff6ed2e4ce8 IsDlgButtonChecked IsDlgButtonChecked 30049->30056 30050 7ff6ed318339 9 API calls 30059 7ff6ed2e42d0 30050->30059 30052->30045 30068 7ff6ed2e367b SetupDiGetDeviceInstanceIdA 30053->30068 30054->30058 30069 7ff6ed2e42bc 30054->30069 30055->30058 30061 7ff6ed2e4313 GetLastError 30055->30061 30056->30008 30058->30048 30058->30055 30058->30069 30075 7ff6ed318339 9 API calls 30058->30075 30060 7ff6ed2e4c20 IsDlgButtonChecked GetLastError 30064 7ff6ed2e4c54 SetLastError IsDlgButtonChecked 30060->30064 30065 7ff6ed2e4c4c ??3@YAXPEAX 30060->30065 30061->30058 30066 7ff6ed2e431e _calloc_dbg 30061->30066 30063 7ff6ed2e4ccb IsDlgButtonChecked 30063->30056 30063->30067 30098 7ff6ed31b9b1 13 API calls 30064->30098 30065->30064 30066->30058 30072 7ff6ed2e4347 SetupDiGetDeviceInterfaceDetailA 30066->30072 30067->30049 30067->30063 30078 7ff6ed2e37ea SetupDiGetDeviceRegistryPropertyA 30068->30078 30069->30050 30074 7ff6ed2e33a8 strlen 30071->30074 30072->30058 30073 7ff6ed2e43b0 CreateFileA 30072->30073 30076 7ff6ed2e4407 30073->30076 30074->30045 30075->30058 30096 7ff6ed2e9114 11 API calls 30076->30096 30082 7ff6ed2e3840 30078->30082 30081 7ff6ed2e4414 CloseHandle 30081->30058 30084 7ff6ed2e4429 30081->30084 30083 7ff6ed2e2124 6 API calls 30082->30083 30085 7ff6ed2e386d 30083->30085 30084->30058 30086 7ff6ed2e3f7a strstr 30085->30086 30088 7ff6ed2e3fdd 30085->30088 30086->30088 30087 7ff6ed318339 9 API calls 30087->30058 30088->30087 30090 7ff6ed2e2ae9 30089->30090 30091 7ff6ed2e2b25 30090->30091 30092 7ff6ed2e2af0 ??3@YAXPEAX ??3@YAXPEAX ??3@YAXPEAX ??3@YAXPEAX ??3@YAXPEAX 30090->30092 30093 7ff6ed316b98 30091->30093 30092->30090 30092->30091 30094 7ff6ed2e2c88 30093->30094 30095 7ff6ed316ba5 _calloc_dbg 30093->30095 30094->30003 
30095->30094 30096->30081 30097->30060 30098->30046 30099->30046 30100->30011 30101->30014 30298 7ff6ed32ad38 123 API calls 30302 7ff6ed2ecbaa _snprintf GetTickCount64 GetTickCount64 IsDlgButtonChecked 30304 7ff6ed2ed5a6 DeviceIoControl 30308 7ff6ed2ea7a4 30 API calls 30309 7ff6ed2ebda1 11 API calls 29867 7ff6ed2e7b9d 29868 7ff6ed2e7baf CreateFileA 29867->29868 29869 7ff6ed2e7bab 29867->29869 29868->29869 29870 7ff6ed2e7be7 DeviceIoControl CloseHandle 29868->29870 29870->29869 30312 7ff6ed2e659d 48 API calls 30316 7ff6ed34cd5e 13 API calls 30319 7ff6ed2e1585 9 API calls 30320 7ff6ed2ef983 51 API calls 30324 7ff6ed2e397c 34 API calls 30330 7ff6ed2f8beb 43 API calls 30331 7ff6ed2e21e7 15 API calls 30350 7ff6ed2e8fc4 53 API calls 29646 7ff6ed2e31c4 29649 7ff6ed2e311b 29646->29649 29647 7ff6ed2e326a RegCloseKey 29647->29649 29648 7ff6ed2e327d RegCloseKey 29648->29649 29649->29647 29649->29648 29650 7ff6ed2e3062 _snprintf 29649->29650 29651 7ff6ed2e329f 29649->29651 29656 7ff6ed2e3196 RegOpenKeyExA 29649->29656 29660 7ff6ed2e312c strlen RegOpenKeyExA 29649->29660 29652 7ff6ed2e308e 29650->29652 29653 7ff6ed2e30c6 strlen 29650->29653 29654 7ff6ed2e32e0 _wassert 29651->29654 29655 7ff6ed2e32e6 29651->29655 29653->29649 29654->29655 29657 7ff6ed2e32ef _malloc_dbg 29655->29657 29658 7ff6ed2e33ee 29655->29658 29661 7ff6ed2e31d3 RegCreateKeyExA 29656->29661 29662 7ff6ed2e3316 29657->29662 29679 7ff6ed2e3306 29657->29679 29659 7ff6ed2e33f1 SetupDiGetClassDevsA 29658->29659 29664 7ff6ed2e3413 29659->29664 29665 7ff6ed2e342c SetupDiEnumDeviceInfo 29659->29665 29660->29649 29666 7ff6ed2e3225 RegQueryValueExA 29660->29666 29661->29649 29663 7ff6ed318339 9 API calls 29662->29663 29663->29679 29671 7ff6ed318339 9 API calls 29664->29671 29669 7ff6ed2e346e SetupDiGetDeviceRegistryPropertyA 29665->29669 29670 7ff6ed2e4b5c SetupDiDestroyDeviceInfoList 29665->29670 29666->29649 29668 7ff6ed2e3427 29674 7ff6ed2e4d24 GetDlgItem IsDlgButtonChecked ??3@YAXPEAX 29668->29674 29672 7ff6ed2e34fe 
_strcmpi 29669->29672 29673 7ff6ed2e34e1 29669->29673 29682 7ff6ed2e4b7c 29670->29682 29671->29668 29675 7ff6ed2e34f5 29672->29675 29676 7ff6ed2e3528 29672->29676 29684 7ff6ed2e427b ??3@YAXPEAX SetupDiEnumDeviceInterfaces 29673->29684 29692 7ff6ed2e42e1 SetupDiGetDeviceInterfaceDetailA 29673->29692 29699 7ff6ed2e42bc 29673->29699 29705 7ff6ed318339 9 API calls 29673->29705 29729 7ff6ed316d05 ??3@YAXPEAX ??3@YAXPEAX 29674->29729 29675->29672 29675->29676 29678 7ff6ed2e3532 _strcmpi 29676->29678 29690 7ff6ed2e3571 SetupDiGetDeviceRegistryPropertyA 29676->29690 29678->29676 29679->29659 29679->29668 29689 7ff6ed318339 9 API calls 29679->29689 29708 7ff6ed318339 9 API calls 29679->29708 29680 7ff6ed2e4d65 29730 7ff6ed315d4e ??3@YAXPEAX ??3@YAXPEAX 29680->29730 29683 7ff6ed2e4c97 IsDlgButtonChecked 29682->29683 29726 7ff6ed2e2036 MultiByteToWideChar _calloc_dbg MultiByteToWideChar ??3@YAXPEAX 29682->29726 29728 7ff6ed31b9b1 13 API calls 29682->29728 29686 7ff6ed2e4cb1 29683->29686 29704 7ff6ed2e4cb5 IsDlgButtonChecked 29683->29704 29691 7ff6ed2e42af GetLastError 29684->29691 29684->29692 29685 7ff6ed2e4d72 29693 7ff6ed2e4ce8 IsDlgButtonChecked IsDlgButtonChecked 29686->29693 29687 7ff6ed318339 9 API calls 29695 7ff6ed2e42d0 29687->29695 29689->29679 29706 7ff6ed2e367b SetupDiGetDeviceInstanceIdA 29690->29706 29691->29673 29691->29699 29692->29673 29697 7ff6ed2e4313 GetLastError 29692->29697 29693->29674 29696 7ff6ed2e4c20 IsDlgButtonChecked GetLastError 29701 7ff6ed2e4c54 SetLastError IsDlgButtonChecked 29696->29701 29702 7ff6ed2e4c4c ??3@YAXPEAX 29696->29702 29697->29673 29703 7ff6ed2e431e _calloc_dbg 29697->29703 29699->29687 29700 7ff6ed2e4ccb IsDlgButtonChecked 29700->29693 29700->29704 29727 7ff6ed31b9b1 13 API calls 29701->29727 29702->29701 29703->29673 29709 7ff6ed2e4347 SetupDiGetDeviceInterfaceDetailA 29703->29709 29704->29686 29704->29700 29705->29673 29714 7ff6ed2e37ea SetupDiGetDeviceRegistryPropertyA 29706->29714 29711 7ff6ed2e33a8 strlen 29708->29711 
29709->29673 29710 7ff6ed2e43b0 CreateFileA 29709->29710 29712 7ff6ed2e4407 29710->29712 29711->29679 29725 7ff6ed2e9114 11 API calls 29712->29725 29718 7ff6ed2e3840 29714->29718 29717 7ff6ed2e4414 CloseHandle 29717->29673 29720 7ff6ed2e4429 29717->29720 29719 7ff6ed2e2124 6 API calls 29718->29719 29721 7ff6ed2e386d 29719->29721 29720->29673 29722 7ff6ed2e3f7a strstr 29721->29722 29724 7ff6ed2e3fdd 29721->29724 29722->29724 29723 7ff6ed318339 9 API calls 29723->29673 29724->29723 29725->29717 29726->29696 29727->29682 29728->29682 29729->29680 29730->29685 30354 7ff6ed2e21ba ??3@YAXPEAX SetLastError 30102 7ff6ed2e11b9 30105 7ff6ed2e11c0 30102->30105 30103 7ff6ed2e1200 30106 7ff6ed2e136d 30103->30106 30116 7ff6ed3565d0 30103->30116 30104 7ff6ed2e134c _initterm 30104->30103 30104->30106 30105->30103 30105->30104 30108 7ff6ed2e1228 SetUnhandledExceptionFilter 30109 7ff6ed2e124b 30108->30109 30110 7ff6ed2e1250 _malloc_dbg 30109->30110 30111 7ff6ed2e127a 30110->30111 30112 7ff6ed2e1280 strlen _malloc_dbg memcpy 30111->30112 30112->30112 30113 7ff6ed2e12b2 30112->30113 30133 7ff6ed359ac0 30113->30133 30125 7ff6ed356608 30116->30125 30132 7ff6ed3565f1 30116->30132 30117 7ff6ed3568e0 30118 7ff6ed3568e9 30117->30118 30117->30132 30123 7ff6ed35690d 30118->30123 30139 7ff6ed356460 8 API calls 30118->30139 30120 7ff6ed356920 30141 7ff6ed3563f0 8 API calls 30120->30141 30122 7ff6ed3566ee 30122->30125 30127 7ff6ed3567da 30122->30127 30129 7ff6ed356460 8 API calls 30122->30129 30138 7ff6ed3563f0 8 API calls 30122->30138 30140 7ff6ed3563f0 8 API calls 30123->30140 30124 7ff6ed35692c 30124->30108 30125->30117 30125->30120 30125->30122 30125->30123 30131 7ff6ed3567e0 30125->30131 30125->30132 30127->30131 30129->30122 30130 7ff6ed356812 VirtualProtect 30130->30131 30131->30130 30131->30132 30132->30108 30134 7ff6ed359ad1 30133->30134 30135 7ff6ed359b38 GetStartupInfoA 30134->30135 30136 7ff6ed359af6 _ismbblead 30134->30136 30137 7ff6ed359ade 30134->30137 30135->30137 30136->30134 
30137->30135 30138->30122 30139->30118 30140->30120 30141->30124 30359 7ff6ed3151c0 49 API calls 30360 7ff6ed2e582d IsDlgButtonChecked IsDlgButtonChecked 30361 7ff6ed34e5c5 DeviceIoControl GetLastError 30363 7ff6ed2ed629 8 API calls 30366 7ff6ed2ea41a 10 API calls 29990 7ff6ed2e8418 29994 7ff6ed2e8439 29990->29994 29991 7ff6ed2e84e9 29992 7ff6ed2e84f3 IUnknown_Release_Proxy 29991->29992 29993 7ff6ed2e84f9 29991->29993 29992->29993 29995 7ff6ed2e8522 29993->29995 29996 7ff6ed2e850d SetLastError 29993->29996 29994->29991 29997 7ff6ed318339 9 API calls 29994->29997 29996->29995 29997->29991 30371 7ff6ed2e1010 __set_app_type 30375 7ff6ed327fe7 114 API calls 30376 7ff6ed329dec 78 API calls 30378 7ff6ed2f1dff 24 API calls 30382 7ff6ed33cff5 _malloc_dbg 30383 7ff6ed2ecbf7 12 API calls

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $ $(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))$<NULL>$A device was eliminated because it didn't report itself as a disk$Found VHD device '%s'$SetupDiEnumDeviceInterfaces failed: %s$SetupDiGetDeviceInterfaceDetail (dummy) - no data was allocated$SetupDiGetDeviceInterfaceDetail (dummy) failed: %s$USBSTOR$Unable to allocate data for SP_DEVICE_INTERFACE_DETAIL_DATA$dev.c
                                                                                                  • API String ID: 0-1602295196
                                                                                                  • Opcode ID: 5be7b36d11cfa1d66461ce73cecc90bd78fd9857a06cdedb8c241f6050b92e81
                                                                                                  • Instruction ID: ce223fb33f31078f91ca283ec38d7abaa0aec6507edc1833c48929cff13330c7
                                                                                                  • Opcode Fuzzy Hash: 5be7b36d11cfa1d66461ce73cecc90bd78fd9857a06cdedb8c241f6050b92e81
                                                                                                  • Instruction Fuzzy Hash: 4102B333A0C68689EB218B21E9403AAA391FB957C5F444035DF8DC7B98EF3EE445C709
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$ButtonChecked$ClassDevsItemSetup_calloc_dbg_malloc_dbg_realloc_dbgstrcmp
                                                                                                  • String ID: (?:$(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))$)$?:\$?:\EFI\R$Akeo Consulting\Rufus$IgnoreUsb%02d$SOFTWARE$UASPSTOR$dev.c$ufus\ntf$us\ntfs_$x64.efi
                                                                                                  • API String ID: 685016927-2401901900
                                                                                                  • Opcode ID: fff1dbb609ce48387cd8400a6c1075b7afc6dce6d3269edc17c7dc033a70e505
                                                                                                  • Instruction ID: 9cf339f9daf3476c44b4cc43b3e677f641786ad4b5e22b78d3fa46ecce171eab
                                                                                                  • Opcode Fuzzy Hash: fff1dbb609ce48387cd8400a6c1075b7afc6dce6d3269edc17c7dc033a70e505
                                                                                                  • Instruction Fuzzy Hash: 1AB17F73609B8585EB61CB21F8407EAA3A1FB95780F804135DE8D87B98EF3ED545CB09
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Resource$Lock$FindLoadSizeof_calloc_dbg
                                                                                                  • String ID: Could not allocate resource '%s'$Could not load resource '%s': %s$Could not locate resource '%s': %s$WARNING: Resource '%s' was truncated by %d bytes!
                                                                                                  • API String ID: 3255340241-2835703815
                                                                                                  • Opcode ID: 5fba8a249dd1d65fd21386503373987ff498adfe48f75b54d9ba3156be46aa65
                                                                                                  • Instruction ID: 0d4a3ea9df1f31f96305d512b9b0f0f22c8e6f1ae0aff2d9f4eeb99ae2e0a51c
                                                                                                  • Opcode Fuzzy Hash: 5fba8a249dd1d65fd21386503373987ff498adfe48f75b54d9ba3156be46aa65
                                                                                                  • Instruction Fuzzy Hash: 1F219393B0964BD5E9509B129C0877AE295AF67BC0F484035DD0DCB781FE3EE448C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _malloc_dbg$ExceptionFilterUnhandled_inittermmemcpystrlen
                                                                                                  • String ID:
                                                                                                  • API String ID: 3694715340-0
                                                                                                  • Opcode ID: 85b288382ecd299103e77cd6cb46fdf2acbe0b64695f50ed92be3fd642318b94
                                                                                                  • Instruction ID: 7978a1766c876a5e5a5724dab47c93a9b962384778cc85736d553c10938aa6bb
                                                                                                  • Opcode Fuzzy Hash: 85b288382ecd299103e77cd6cb46fdf2acbe0b64695f50ed92be3fd642318b94
                                                                                                  • Instruction Fuzzy Hash: A2415A37B0865289FB169F25E95037DA3A1AF66B84F444035DE0DC7796FE3EE400831A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1764 7ff6ed2e7b9d-7ff6ed2e7ba9 1765 7ff6ed2e7baf-7ff6ed2e7be5 CreateFileA 1764->1765 1766 7ff6ed2e7bab-7ff6ed2e7bad 1764->1766 1765->1766 1768 7ff6ed2e7be7-7ff6ed2e7c1e DeviceIoControl CloseHandle 1765->1768 1767 7ff6ed2e7c24-7ff6ed2e7c2c 1766->1767 1768->1767
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                                                                  • String ID: \\.\MountPointManager
                                                                                                  • API String ID: 33631002-3276014075
                                                                                                  • Opcode ID: 568ddf6bb49af68c95c3f166b126e43df3a53e3f43c007b4a1f80081fc6f45bc
                                                                                                  • Instruction ID: 0c15e232c3a1d5d1de77b916914b9a819ee3cfbeccb59cee46be8080c051f918
                                                                                                  • Opcode Fuzzy Hash: 568ddf6bb49af68c95c3f166b126e43df3a53e3f43c007b4a1f80081fc6f45bc
                                                                                                  • Instruction Fuzzy Hash: 8A01F532A18A5186EB61CB24B800756B5D0BB987A4F480335EEAD83BD4EF3DC5058704
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: %s [%s]$@$Removing %c: from the list: This is the %s!$SetupDiEnumDeviceInterfaces failed: %s$SetupDiGetDeviceRegistryProperty (Enumerator Name) failed: %s$USBSTOR$Warning: Found more than %d drives - ignoring remaining ones...$disk from which Rufus is running$system disk
                                                                                                  • API String ID: 0-321381935
                                                                                                  • Opcode ID: 18d44f9e4aba2e61191fd55475957564aab770f14fd2bc79ea601e3fd172768a
                                                                                                  • Instruction ID: 7204256a53954a228e9eb8a76d51431d32f9847491a4c0217758056465699f20
                                                                                                  • Opcode Fuzzy Hash: 18d44f9e4aba2e61191fd55475957564aab770f14fd2bc79ea601e3fd172768a
                                                                                                  • Instruction Fuzzy Hash: 0AC18133A0D6C289EB718B21E5403EAA7A1FB95784F440135DE8D83B98EF3DE545C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • Device eliminated because it was detected as a Hard Drive (score %d > 0), xrefs: 00007FF6ED2E4594
                                                                                                  • PortableBaseLayer, xrefs: 00007FF6ED2E45F5
                                                                                                  • Warning: Found more than %d drives - ignoring remaining ones..., xrefs: 00007FF6ED2E4B2C
                                                                                                  • To use such a card, check 'List USB Hard Drives' under 'advanced drive properties', xrefs: 00007FF6ED2E4560
                                                                                                  • Device eliminated because it was detected as a Microsoft Dev Drive, xrefs: 00007FF6ED2E45DD
                                                                                                  • Device eliminated because listing of VHDs is disabled (Alt-G), xrefs: 00007FF6ED2E4622
                                                                                                  • If this device is not a Hard Drive, please e-mail the author of this application, xrefs: 00007FF6ED2E45AC
                                                                                                  • Device eliminated because it is a Windows Sandbox VHD, xrefs: 00007FF6ED2E4601
                                                                                                  • Device eliminated because it contains a mounted partition that is set as non-removable, xrefs: 00007FF6ED2E44FD
                                                                                                  • NOTE: You can enable the listing of Hard Drives under 'advanced drive properties', xrefs: 00007FF6ED2E45B8
                                                                                                  • Device eliminated because it was detected as a card larger than %d GB, xrefs: 00007FF6ED2E454F
                                                                                                  • @, xrefs: 00007FF6ED2E4B47
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _mbsdup$ButtonChecked$??3@$strlen$DebugDestroyDeviceDriveInfoListOutputSetupStringType_strnicmpisspacestrcmp
                                                                                                  • String ID: @$Device eliminated because it contains a mounted partition that is set as non-removable$Device eliminated because it is a Windows Sandbox VHD$Device eliminated because it was detected as a Hard Drive (score %d > 0)$Device eliminated because it was detected as a Microsoft Dev Drive$Device eliminated because it was detected as a card larger than %d GB$Device eliminated because listing of VHDs is disabled (Alt-G)$If this device is not a Hard Drive, please e-mail the author of this application$NOTE: You can enable the listing of Hard Drives under 'advanced drive properties'$PortableBaseLayer$To use such a card, check 'List USB Hard Drives' under 'advanced drive properties'$Warning: Found more than %d drives - ignoring remaining ones...
                                                                                                  • API String ID: 2545115855-2969974034
                                                                                                  • Opcode ID: 22e1710883aaf6393b45ff7b4b340c17c8eff65d40dd3f9c62a03113d8d3ab96
                                                                                                  • Instruction ID: 6de4ac47c717b2b227b246748bc6511be663694217007b69e95aefab9a45d3fd
                                                                                                  • Opcode Fuzzy Hash: 22e1710883aaf6393b45ff7b4b340c17c8eff65d40dd3f9c62a03113d8d3ab96
                                                                                                  • Instruction Fuzzy Hash: 2B814033E0D6828DEA21CB21E5503B9A3A1EF92745F440135DE4D87B95EF3EE845C74A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$ButtonCheckedItem_malloc_dbg_snprintf_wassertstrlen
                                                                                                  • String ID: %s$(card_start > 0) && (card_start < ARRAYSIZE(genstor_name))$(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))$Could not allocate Device ID list$Processing IDs belonging to '%s':$SetupDiGetClassDevs (Interface) failed: %s$dev.c
                                                                                                  • API String ID: 53704341-3717196299
                                                                                                  • Opcode ID: 2978e9187ee7c377615a7214b975a6e0ef712e7b1d32fc6e62f438d4e8f764ff
                                                                                                  • Instruction ID: 9c31ed4da717300128efee840f4eaa082586eb08a376729454296a0c05a0be5a
                                                                                                  • Opcode Fuzzy Hash: 2978e9187ee7c377615a7214b975a6e0ef712e7b1d32fc6e62f438d4e8f764ff
                                                                                                  • Instruction Fuzzy Hash: 9D519E33E0C54289FA22DB21E5147BDA350AB66B86F448131CE0DC7696FE2FE445C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonCheckedDeviceSetup$??3@DetailEnumInterface$00007DebugErrorF931InfoInterfacesLastOutputString_calloc_dbg
                                                                                                  • String ID: $ Found ID[%03d]: %s$ Hub[%d] = '%s'$Processing Hub %d:
                                                                                                  • API String ID: 2907394273-546274519
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpen$_malloc_dbg_wassertstrlen
                                                                                                  • String ID: (card_start > 0) && (card_start < ARRAYSIZE(genstor_name))$(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))$\$dev.c
                                                                                                  • API String ID: 826056021-626718603
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DeviceInfoSetupstrcmp$??3@DestroyEnumList_snprintf
                                                                                                  • String ID: $IgnoreUsb%02d$UASPSTOR
                                                                                                  • API String ID: 1362795550-1822045072
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugOutputStringisspace
                                                                                                  • String ID: 0 devices found
                                                                                                  • API String ID: 438106906-2818467960
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$??3@ButtonCheckedItem_malloc_dbg_snprintf_wassertstrlen
                                                                                                  • String ID: (card_start > 0) && (card_start < ARRAYSIZE(genstor_name))$(uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))$dev.c
                                                                                                  • API String ID: 55729720-644579405
                                                                                                  • Opcode ID: e70705155ccf23d699bab1a8b1af822e04f584c0bf29b773890dbfb037933b37
                                                                                                  • Instruction ID: 0ca92da73ff6b6c882f83352ddeeb5b55e86c68fb1a13e919befab7fac3990db
                                                                                                  • Opcode Fuzzy Hash: e70705155ccf23d699bab1a8b1af822e04f584c0bf29b773890dbfb037933b37
                                                                                                  • Instruction Fuzzy Hash: D1215E73A0C64689EA61DB21E5407BA6390FF59786F448131CE4EC7695FF2EE840CB0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$??3@ByteCharDeviceMultiPropertyRegistrySetupWide_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 3199935762-0
                                                                                                  • Opcode ID: 246853b34b6d2ea67d7a3219a8a0ad9c52862ccaf9f12ddf9f23e45202cae307
                                                                                                  • Instruction ID: 44dfd4e67de719846b4daee503b9118b567a159d8f908563015e3ea0afef7aba
                                                                                                  • Opcode Fuzzy Hash: 246853b34b6d2ea67d7a3219a8a0ad9c52862ccaf9f12ddf9f23e45202cae307
                                                                                                  • Instruction Fuzzy Hash: 20110AB3709A4586E6105B22BC00766A651BBD9BD0F180234EE9D87B85EE3CC5418704
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • Notice: Disabling VDS (Could not create VDS Loader Instance: %s), xrefs: 00007FF6ED2E84A6
                                                                                                  • Notice: Disabling VDS (Could not load VDS Service: %s), xrefs: 00007FF6ED2E84DA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastProxyRelease_Unknown_
                                                                                                  • String ID: Notice: Disabling VDS (Could not create VDS Loader Instance: %s)$Notice: Disabling VDS (Could not load VDS Service: %s)
                                                                                                  • API String ID: 1114467082-2877501324
                                                                                                  • Opcode ID: aae663ba164c31a8e8b19bed437cabe80b5834bd2bd0bfafe0789adc6f28c402
                                                                                                  • Instruction ID: 7c99700b5256c7da84bbefab05529ddc0fe645d47abe8c07f7c66586531a57db
                                                                                                  • Opcode Fuzzy Hash: aae663ba164c31a8e8b19bed437cabe80b5834bd2bd0bfafe0789adc6f28c402
                                                                                                  • Instruction Fuzzy Hash: 91319E33B09A4686EB25CB75E45036AA7A1FB99B50F404135DE8E8B794EF3DD404C709
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • _calloc_dbg.MSVCRT ref: 00007FF6ED315D2D
                                                                                                    • Part of subcall function 00007FF6ED318339: OutputDebugStringW.KERNEL32 ref: 00007FF6ED3183A2
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183D4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183E4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183F4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED318404
                                                                                                    • Part of subcall function 00007FF6ED318339: ??3@YAXPEAX@Z.MSVCRT ref: 00007FF6ED318424
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugOutputString_calloc_dbg
                                                                                                  • String ID: could not allocate space for hash table$warning: htab_create() was called with a non empty table
                                                                                                  • API String ID: 869255960-4195100278
                                                                                                  • Opcode ID: 6c88fd4f5b5cc7cc2ae9e09317c99468e98d195e44eb70de1bd9f96298a70e8d
                                                                                                  • Instruction ID: 312d060b467c68ed66f81426b20863d934591260d98743a75f384787f6dfdc50
                                                                                                  • Opcode Fuzzy Hash: 6c88fd4f5b5cc7cc2ae9e09317c99468e98d195e44eb70de1bd9f96298a70e8d
                                                                                                  • Instruction Fuzzy Hash: F501A2A3F1A51382FB684F25981437591A2AFB6300F28C635D90DC76C4FE2EE855830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Count64TickTimer
                                                                                                  • String ID:
                                                                                                  • API String ID: 3031275899-0
                                                                                                  • Opcode ID: 1ad21ae189b605ce0a2de02cd889e051598a42153e95ebbd0fd7ae6dd0e91133
                                                                                                  • Instruction ID: c84c2192c754be053371a01e67a435ec92c4bc187b0ab373e35592e384839417
                                                                                                  • Opcode Fuzzy Hash: 1ad21ae189b605ce0a2de02cd889e051598a42153e95ebbd0fd7ae6dd0e91133
                                                                                                  • Instruction Fuzzy Hash: BE11EF77A15B0A99E3018F16F844AE92364FB85B84F508536CE0E83274EF3E9485C305
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@strlen$_snprintf$File$ButtonChecked$_calloc_dbgfclosefopen$ErrorLast$ExistsPathfprintf$Delete_strcmpifreadisspacestrstr$ByteCharCreateDebugDirectoryMoveMultiNameOutputStringTempWide_mbsdup_strnicmp_wassert_wchdir_wstat64renamestrcmptolower
                                                                                                  • String ID: APPEND %s/$ Checking txtsetup.sif: OsLoadOptions = %s$ Could not access %s$ Could not detect Grub version$ Could not read Grub version from '%s'$ Detected Syslinux version: %s%s (from '%s')$ Found conflicting isolinux versions: '%s' (%d.%02d%s) vs '%s' (%d.%02d%s)$ Warning: Conflict between Isolinux version and the presence of ldlinux.c32...$ Warning: Could not detect Isolinux version - Forcing to %s (embedded)$ Will use '%s' for Syslinux$%d.%02d$%s'%s' doesn't look like an ISO image$%s/%s$%s/normal.mod$%sCould not locate UDF root directory$%sImage is a UDF image$%sImage is an ISO9660 image$%sThis image will be extracted using %s extensions (if present)$%sThis image will not be extracted using any ISO extensions$%s\%s$%s\EFI$%s\EFI\boot\bootx64.efi$%s\slax\boot\EFI$%s\syslinux.cfg$%s\syslinux.org$%sisolinux.tmp$.\txtsetup.sif~$/%s/txtsetup.sif$/boot/i386/loader/isolinux.cfg$/boot/x86_64/loader/isolinux.cfg$/minint$<NULL>$Broken UEFI bootloader detected - Applying workaround:$DEFAULT loadconfigLABEL loadconfig CONFIG %s$DEFAULT loadconfigLABEL loadconfig CONFIG %s APPEND %s$Error: ISO has not been properly scanned.$Extracting files...$ISO analysis:$Joliet$OsLoadOptions$Rock Ridge$Rufus$Unable to create %s - booting from USB may not work$Unable to create %s - booting from USB will not work$Updating %s:$amd64$compact /u bootmgr* efi/boot/*.efi$i$i386$img_report.has_md5sum <= ARRAYSIZE(md5sum_name)$iso.c$len > 8$minint$o$s
                                                                                                  • API String ID: 1133186206-1634301959
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetKeyboardLayoutNameA.USER32 ref: 00007FF6ED2E5A78
                                                                                                    • Part of subcall function 00007FF6ED318339: OutputDebugStringW.KERNEL32 ref: 00007FF6ED3183A2
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183D4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183E4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183F4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED318404
                                                                                                    • Part of subcall function 00007FF6ED318339: ??3@YAXPEAX@Z.MSVCRT ref: 00007FF6ED318424
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugKeyboardLayoutNameOutputString
                                                                                                  • String ID: !MENUCOLOR=7,0MENUMENU FreeDOS Language Selection Menu$%s1%c Use %s keyboard with %s codepage [%d]$%s2%c Use %s keyboard with %s codepage [%d]$:1$:2$@echo off$Could not scan keyboard layout name - falling back to US as default$GOTO %%CONFIG%%$Keyboard id '%s' is not supported - falling back to 'us'$MENU12?$MENU $MENUDEFAULT=1,5$MENUITEM=$Successfully wrote 'AUTOEXEC.BAT'$Successfully wrote 'CONFIG.SYS'$Unable to create 'AUTOEXEC.BAT': %s.$Unable to create 'CONFIG.SYS': %s.$Unable to find an EGA file with codepage %d [%s]$Unable to match KBID and LangID - defaulting to US$Unable to match KBID, trying LangID 0x%04x$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$Windows KBID 0x%08x$[1]device=\locale\display.sys con=(ega,,1)[2]$[MENU]$\AUTOEXEC.BAT$\CONFIG.SYS$display con=(ega,,1)$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$ega10.cpx$ega11.cpx$ega12$ega13.cpx$ega14.cpx$ega16.cpx$ega18.cpx$ega2.cpi$ega2.cpx$ega3.cpi$ega3.cpx$ega4.cpx$ega5.cpx$ega6.cpx$ega7.cpx$kbdrv >= 0$keyb %s,,\locale\%s$mode con codepage prepare=((%d) \locale\%s) > NUL$mode con codepage select=%d > NUL$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 4172011781-1028470487
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$_snprintf$??3@$ButtonCheckedCreate$CloseFile$Directory$CopyDebugHandleMoveOpenOutputStringValue_wassertisspace
                                                                                                  • String ID: %c:\Windows\Panther$%c:\Windows\Panther\unattend.xml$%c:\sources\$OEM$\$$\Panther$%c:\sources\$OEM$\$$\Panther\unattend.xml$%s\Autounattend.xml$%s\Setup$%s\Windows\System32\config\SYSTEM$<settings$?:\sourc$?:\sourc$Added '%s'$Added 'Autounattend.xml' to '%s'$Applying Windows customization:$Could not create '%s' : %s$Could not create '%s': %s$Could not create 'HKLM\SYSTEM\Setup\LabConfig' registry key: %s$Could not create boot.wim 'Autounattend.xml': %s$Could not open 'HKLM\SYSTEM\Setup' registry key: %s$Could not rename '%s': %s$Could not set 'HKLM\SYSTEM\Setup\LabConfig\%s' registry key: %s$Created '%s'$Created '%s' placeholder$Created 'HKLM\SYSTEM\Setup\LabConfig\%s' registry key$Error: Could not create directory '%s': %s$Falling back to creating the registry keys through unattend.xml$LabConfig$Mounting '%s[%d]'...$RUFUS_OFFLINE_HIVE$Rufus recommends that you only use OFFICIAL retail Microsoft Windows images, such as$Unmounting '%s[%d]'...$WARNING: This image appears to be an UNOFFICIAL Windows ISO!$Warning: Could not disable 'windowsPE' pass from unattend.xml$disabled$es\appra$es\boot.$mount_path != NULL$ppraiser$ppraiser$res.bak$res.dll$the ones that can be downloaded through the download facility of this application.$unattend_xml_path != NULL$wim$windowsPE$wue.c
                                                                                                  • API String ID: 46329843-817000690
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _snprintf$toupper$ButtonChecked$CopyFile$??3@$CloseDebugHandleOutputStringisspace
                                                                                                  • String ID: 0x%08X: '%s' -> '%s%s'$ 0x%08X: '%s' -> '%s'$ 0x%08X: '%s' -> 'rdisk(%c)'$ 0x00002060: 0x74 0x03 -> 0xEB 0x1A (disable Win2k3 CRC check)$$win_nt$.~bt$%c:\%s\ntdetect.com$%c:\%s\setupldr.bin$%c:\%s\txtsetup.sif$%c:\BOOTMGR$%c:\ntdetect.com$%c:\txtsetup.sif$Could not get size for file %s: %s$Could not open %s for patching: %s$Could not read file %s: %s$Could not rewind file %s: %s$Could not write patched file: %s$Detected \minint directory only but no /minint option: not sure what to do$Detected \minint directory with /minint option: nothing to patch$Did not copy %s as %s: %s$Failed to add SetupSourceDevice in %s$Patching file %s$SetupSourceDevice = "\device\harddisk%d\partition1"$Successfully added '%s' to %s$[SetupData]$\amd64\system32\$\amd64\txtsetup.sif$\i386\system32\$\i386\txtsetup.sif$\minint\system32\$\minint\txtsetup.sif$amd64$i386$index < 2$minint$rdisk(0)$t$wue.c
                                                                                                  • API String ID: 4029364608-3130487929
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$ErrorLast$??3@$ButtonCheckedCloseHandlePointer$CreateSleepWrite$DebugEventObjectOutputOverlappedReadResultSingleStringWait_calloc_dbg_errno_wassertisspace
                                                                                                  • String ID: Error: Could not reset position - %s$Read error: %s$Read error: Could not read data for fast zeroing comparison - %s$Write error at sector %lld: %s$Write error: Wrote %d bytes, expected %d bytes$(uintptr_t)buffer % SelectedDrive.SectorSize == 0$(uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0$(uintptr_t)sec_buf % SelectedDrive.SectorSize == 0$Could not allocate disk comparison buffer$Could not allocate disk write buffer$Could not allocate disk zeroing buffer$Could not open image '%s': %s$Could not write compressed image: %lld$Fast-zeroing drive:$Notice: Compressed image data didn't end on block boundary.$Retrying in %d seconds...$Unexpected sector size (%d) - Aborting$Warning: Unable to rewind image position - wrong data might be copied!$Write error: Could not reset position - %s$Writing compressed image:$Zeroing drive:$format.c$img_report.compression_type != IMG_COMPRESSION_FFU
                                                                                                  • API String ID: 457833318-174718514
                                                                                                  • Opcode ID: b7ecaf7d3b3d820576d050b543ba8eab46709285200eccdacc4ad03f452e5cb6
                                                                                                  • Instruction ID: 7da1cfd7b193efb8b65eb0e4b8f61f9405b80c83c033cbf418068b475588217b
                                                                                                  • Opcode Fuzzy Hash: b7ecaf7d3b3d820576d050b543ba8eab46709285200eccdacc4ad03f452e5cb6
                                                                                                  • Instruction Fuzzy Hash: A662D023B096038AFB11DB25E910379A391EFA6784F546135DE1DC7AD4FE3EE4058B0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$fclose$ButtonChecked$_wfopen$ByteCharMultiWide_calloc_dbgfread$DebugOutputString_wunlinkfseekfwritestrcmpwcslen
                                                                                                  • String ID: %s%s$Could not allocate space for temporary output name$Could not convert '%s' to UTF-16$Could not open file '%s'$Could not open temporary output file '%s~'$Could not read file '%s'$Could not write '%s' - original file has been left unmodified.$RUFUS_OFFLINE_HIVE$r, ccs=UNICODE$w, ccs=UTF-16LE$w, ccs=UTF-8
                                                                                                  • API String ID: 1271460036-4016433921
                                                                                                  • Opcode ID: 43879fc6df1e07f664f0f6f650aab27534e7041c18cea1777989dc76c601e023
                                                                                                  • Instruction ID: 603c643d21847bc7a14f0a0133bf91d30d61ee82de5373619f0d4402aacd7303
                                                                                                  • Opcode Fuzzy Hash: 43879fc6df1e07f664f0f6f650aab27534e7041c18cea1777989dc76c601e023
                                                                                                  • Instruction Fuzzy Hash: 50D18457A0D64294FA65DB11E4113BAE390AFA7BC4F440431ED4E8B7D5FE3EE905830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$00007F9330$wcsncpy$??3@ControlDeviceFilePointer$Count64DebugOutputStringTick_calloc_dbg_wassertisspace
                                                                                                  • String ID: BIOS Compatibility$Could not access source image$Could not reset disk: %s$Could not set drive layout: %s$Could not set position$Could not zero %S: %s$EFI System$EFI System Partition$Error: Invalid %S size$FALSE$GPT$Linux Persistence$MBR$Main Data Partition$Microsoft Reserved Partition$SFD$UEFI$UEFI:NTFS$Unsupported file system$Write error: %s$Writing %S data...$drive.c$partition_style == PARTITION_STYLE_GPT$persistence_size != 0$uefi-ntfs.img
                                                                                                  • API String ID: 1959888114-2318659941
                                                                                                  • Opcode ID: fa76245700c4d46e97f1667f703f38be6917ffe005136d4afadbc914325a5bb2
                                                                                                  • Instruction ID: 0e954bcdce0d488ff13b3a24e9ebaee0d886419a6b4edb807ea88d237551761f
                                                                                                  • Opcode Fuzzy Hash: fa76245700c4d46e97f1667f703f38be6917ffe005136d4afadbc914325a5bb2
                                                                                                  • Instruction Fuzzy Hash: BD62C333B18B8684EA21CB25E5407AAB391FB96784F544136CE4D87B95EF3FD444CB0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@fclose$_wfopenwcslen$ByteCharMultiWide_calloc_dbgfputwsfreadfwprintf_swcsspn$_wcsnicmp_wunlinkfgetwsfseekfwrite
                                                                                                  • String ID: %s$%s = %s$=$Could not allocate space for temporary output name$Could not convert '%s' to UTF-16$Could not open file '%s'$Could not open temporary output file '%s~'$Could not write '%s' - original file has been left unmodified$r, ccs=UNICODE$w, ccs=UTF-16LE$w, ccs=UTF-8
                                                                                                  • API String ID: 702960896-3482819380
                                                                                                  • Opcode ID: 4baaa45191ce1427d4819880d2b48cf20851eaf0d93d1549416b00278d153a97
                                                                                                  • Instruction ID: 93d2d41adab7bfb8da62bc89c6e7692353fc6dbe33a032f03368b499c6303260
                                                                                                  • Opcode Fuzzy Hash: 4baaa45191ce1427d4819880d2b48cf20851eaf0d93d1549416b00278d153a97
                                                                                                  • Instruction Fuzzy Hash: 0DB1D657A0DA0280FE55AB11E8513BAD290EF77BC4F440431ED4D8BB95FE3EE405830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$CloseControlDeviceFileHandle$DebugInformationOutputPointerReadStringVolume_calloc_dbg_strncollisspacewcscmp
                                                                                                  • String ID: Detected File System: %s$ ID: %s Size: %s (%I64i bytes) Start Sector: %I64i, Attributes: 0x%016I64X$ Name: '%S'$ Type: %s (0x%02x) Detected File System: %s Size: %s (%lld bytes) Start Sector: %lld, Boot: %s$ (UEFI:NTFS)$(UEFI target)$Could not get geometry for drive 0x%02x: %s$Could not get layout for drive 0x%02x: %s$Cylinders: %I64i, Tracks per cylinder: %d, Sectors per track: %d$Disk GUID: %s$Disk ID: 0x%08X %s$Disk type: %s, Disk size: %s, Sector size: %d bytes$Drive$FIXED$Max parts: %d, Start Offset: %I64i, Usable = %I64i bytes$No volume information for drive 0x%02x$Partition %d%s:$Partition %d%s: Type: %s$Partition type: GPT, NB Partitions: %d$Partition type: MBR, NB Partitions: %d$Partition type: RAW$Partition type: SFD (%s) or unpartitioned$Removable$UEFI$UEFI$UEFI:NTFS$UEFI_NTFS$Warning: Drive 0x%02x reports a sector size of %d - Correcting to 512 bytes.$Yes
                                                                                                  • API String ID: 2739439295-4012687648
                                                                                                  • Opcode ID: 0496a07ad279bfbbc0b2c5f15a656199069eb7b57f23ec1d102a300155e483c4
                                                                                                  • Instruction ID: 769638d667e4aa99313dfad9fa2e5b27eddc641c0bb9bb3edc72559b343dd2a7
                                                                                                  • Opcode Fuzzy Hash: 0496a07ad279bfbbc0b2c5f15a656199069eb7b57f23ec1d102a300155e483c4
                                                                                                  • Instruction Fuzzy Hash: AE42B473B0C64289EB21DB65E5507BAA391EB96784F040135DE4DD7A94EF3FE4048B0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$CloseFindVolume_strnicmp$DeviceHandle$??3@ControlDebugDriveErrorFirstLastNextOutputQueryStringType_calloc_dbg_mbsdup_wassertstrchrstrlen
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$(empty data)$Could not access first GUID volume: %s$Could not access next GUID volume: %s$Could not get Disk Extents: %s$Could not open GUID volume '%s': %s$Error: Trying to process a disk with more than %d partitions!$Failed to get device path for GUID volume '%s': %s$Ignoring volume '%s' because it has more than one extent (RAID?)...$Ignoring volume '%s' because it has no extents...$NO_LABEL$Skipping GUID volume for '%s'$Warning: Using physical device to access partition data$Windows volumes from this device:$\$\$\Device\CdRom$\Device\Floppy$\\?\$drive.c$len > 4$safe_strnicmp(volume_name, volume_start, 4) == 0$volume_name[len - 1] == '\\'
                                                                                                  • API String ID: 3711556334-3104530673
                                                                                                  • Opcode ID: 4af0be5563c239f53437a8c0bdfcc4ddaaa6f315c1e33f888dee4fbc02c73230
                                                                                                  • Instruction ID: 53f37b700010e05e7a52b0e80da3a3d4ab72aafd5b539de704776317d6e1565f
                                                                                                  • Opcode Fuzzy Hash: 4af0be5563c239f53437a8c0bdfcc4ddaaa6f315c1e33f888dee4fbc02c73230
                                                                                                  • Instruction Fuzzy Hash: A2D1D663A0C64385FA61DB21E5403BAE250AF96794F504231CE6DCBAD4FF3EE505C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$fclose$ButtonChecked$_wfopen$ByteCharMultiWide_calloc_dbgfread$DebugOutputString_wunlinkfseekfwriteisspacewcslen
                                                                                                  • String ID: %s$Could not allocate space for temporary output name$Could not convert '%s' to UTF-16$Could not open file '%s'$Could not open temporary output file '%s~'$Could not read file '%s'$Could not write '%s' - original file has been left unmodified$r, ccs=UNICODE$w, ccs=UTF-16LE$w, ccs=UTF-8
                                                                                                  • API String ID: 3945044842-2867507016
                                                                                                  • Opcode ID: 889a31185d88c0f5288f2def0053814a61c21ce542071222eaf4b64bec0e3179
                                                                                                  • Instruction ID: b0694d2378225a9f85264cef99bd4324b93b058fe6a2db5f1bdee9f7251267f6
                                                                                                  • Opcode Fuzzy Hash: 889a31185d88c0f5288f2def0053814a61c21ce542071222eaf4b64bec0e3179
                                                                                                  • Instruction Fuzzy Hash: 1AA19513A0D64394FE659B12E4513BAE2A1AFA7BC4F484131ED4D8B7D5FE3EE501830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@ButtonChecked$_calloc_dbg_malloc_dbgstrlen$CloseDebugHandleOutputStringstrcmp
                                                                                                  • String ID: .conf$Could not allocate buffer$Could not create '%s': %s$Could not create directory '%s': %s$Could not get ISO-9660 file information for file %s$Could not open image '%s' as an ISO-9660 file system$Could not write '%s': %s$Error reading ISO-9660 file %s at LSN %lu$Extracting: %s (from '%s', %s)$FAT access error
                                                                                                  • API String ID: 2931088273-621355079
                                                                                                  • Opcode ID: 44f1b887f5723563eec728114bc77082edb1b8b4f9b73e42e2f5df61d8fb45a5
                                                                                                  • Instruction ID: 8c66210712dce440c01fca0a42955dfd033b0c26978616fe144517bca5d1a493
                                                                                                  • Opcode Fuzzy Hash: 44f1b887f5723563eec728114bc77082edb1b8b4f9b73e42e2f5df61d8fb45a5
                                                                                                  • Instruction Fuzzy Hash: 6CF12423A0C64389FA10DB65A58037EA391AF96794F244A31DE1DD7BD5FE3FE004970A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$ButtonCheckedErrorLast$CloseCreateHandleProcess$DebugOutputPipeStringTerminate
                                                                                                  • String ID: $%f*$Command did not terminate within timeout duration$Command was terminated by user$Could not set commandline pipe: %s$Could not terminate command: %s$Error while waiting for command to be terminated: %s$Unable to launch command '%s': %s$\s*\[[= ]+[\d\.]+%[= ]+\]\s*$h
                                                                                                  • API String ID: 911888136-587382117
                                                                                                  • Opcode ID: f5d2497cd5b84989b82db6a50b274060f6c000340362c72dcb9b89ae74d30f83
                                                                                                  • Instruction ID: 23d94702a65f5d0fdcb843dc29aefc5dd3a2de71821b4fb127134945653efd4a
                                                                                                  • Opcode Fuzzy Hash: f5d2497cd5b84989b82db6a50b274060f6c000340362c72dcb9b89ae74d30f83
                                                                                                  • Instruction Fuzzy Hash: 78E1C873A0C687C1E6609B15E4503BAE390FFA6790F144235DA9DC36D4EF3EE4498B0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$Setup$??3@DeviceErrorLast$ClassCloseDebugDetailDevsEnumHandleInterfaceInterfacesOutputString_calloc_dbg
                                                                                                  • String ID: $ $Found '%s' optical device$Generic $Optical $SetupDiEnumDeviceInterfaces failed: %s$SetupDiGetClassDevs (Interface) failed: %s$SetupDiGetDeviceInterfaceDetail (actual) failed: %s$SetupDiGetDeviceInterfaceDetail (dummy) - no data was allocated$SetupDiGetDeviceInterfaceDetail (dummy) failed: %s$SetupDiGetDeviceRegistryProperty (Friendly Name) failed: %s$Unable to allocate data for SP_DEVICE_INTERFACE_DETAIL_DATA$l Drive
                                                                                                  • API String ID: 2423712518-2994186564
                                                                                                  • Opcode ID: 2892af2ec5f5bc647a6d2eb014a19b9c6264cad428c77c370f4544317af8e9a3
                                                                                                  • Instruction ID: f4a92c78b380d87a108f3bf8ce9849693e4330af6eb7003de409782b98db917c
                                                                                                  • Opcode Fuzzy Hash: 2892af2ec5f5bc647a6d2eb014a19b9c6264cad428c77c370f4544317af8e9a3
                                                                                                  • Instruction Fuzzy Hash: F3C1A233A0864285EB21DB22B91076AA390FF96794F544231EE5EC7BD5FF3ED444870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$Handletoupper$??3@ByteCharCloseDriveMultiWide$AddressControlDebugDeviceErrorLastLibraryLoadLogicalModuleOutputProcStringStringsType_calloc_dbg_snprintf_wassertisalphaisspacestrlen
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$Error: MAX_LIBRARY_HANDLES is too small$GetLogicalDriveStrings failed: %s$GetLogicalDriveStrings: Buffer too small (required %lu vs. %zu)$NtQueryVolumeInformationFile$Ntdll$Unable to load '%S.dll': %s$Warning: Time-out while trying to query drive %c$\#:$\\.\$\\.\%c:$drive.c
                                                                                                  • API String ID: 3704207117-3214377542
                                                                                                  • Opcode ID: 8fb858d5091d7cae25f0fc442acaf1cd1aa07cd9e3906632bc1ceb3f49afb362
                                                                                                  • Instruction ID: 73df43436a188bc9fa0f8c4b2ccccd0831019caa16572e74a19ca67a7e0d7891
                                                                                                  • Opcode Fuzzy Hash: 8fb858d5091d7cae25f0fc442acaf1cd1aa07cd9e3906632bc1ceb3f49afb362
                                                                                                  • Instruction Fuzzy Hash: 2FC1D123A0C6438AFB22CB21A5503BAA691AF96754F544136DF5DC7BD4FF3EE404870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$AddressProc$ButtonChecked$ByteCharMultiWide$CloseDebugHandleOutputPathStringTemp_calloc_dbg
                                                                                                  • String ID: Could not access WIM info: %s$ Could not access image: %s$ Could not extract file: %s$ Could not fetch temp path: %s$ Could not set index: %s$ Could not set temp path: %s$Closing: %s$Extracting: %s (From %s)$Opening: %s:[%d] (API)$Unable to locate %s() in '%s.dll': %s$WIMCloseHandle$WIMCreateFile$WIMExtractImagePath$WIMLoadImage$WIMSetTemporaryPath$Wimgapi$Windows\Boot\EFI\bootmgfw.efi$[1].xml
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$ErrorLast$AddressFileProc$ByteCharCloseCreateHandleMultiNameTempWideWrite_calloc_dbgatoi
                                                                                                  • String ID: Could not access WIM info: %s$ Could not access image: %s$.\RufVXm$IMAGE INDEX$Rufus$Unable to locate %s() in '%s.dll': %s$WIMCloseHandle$WIMCreateFile$WIMGetImageInformation$Wimgapi$Xml.tmp
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@CloseDeviceEnumErrorHandleInterfacesLastSetupstrlenstrstr
                                                                                                  • String ID: $ Matched with (GP) ID[%03d]: %s$ Matched with Hub[%d]: '%s'$#$#$Could not get device instance handle for '%s': CR error %d$Could not get node connection information (V2) for device '%s': %s$Could not get node connection information for '%s': %s$Could not get port for '%s': CR error %d$Could not open hub %s: %s$Found VHD device '%s'$Found card reader device '%s'$SCSI Dis$SetupDiEnumDeviceInterfaces failed: %s$UAS Devi$[GP]$[ID]$ice$ice$k Device
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$PointerRead_strncollmemcmp$??3@_calloc_dbg
                                                                                                  • String ID: (Unrecognized)$APFS$BEA01$CD001$H$HFS/HFS+$ISO9660$NXSB$S$UDF$ext$ext2$ext3$ext4
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$??3@Handle$ByteCharCloseInformationMultiVolumeWidestrlentoupper$ControlDevice_calloc_dbg
                                                                                                  • String ID: #:\$#:\autor$@$Ignoring 'autorun.inf' label for drive %c: No media$NO_LABEL$Using 'autorun.inf' label for drive %c: '%s'$label$run.inf
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonCheckedDevice$Controlstrlen$Count64ErrorLastSleepTick$??3@CloseCreateDebugFileHandleOutputQueryString_mbscpy_strncoll
                                                                                                  • String ID: <NULL>$???$Could not lock access to %s: %s$Could not open %s: %s$I/O boundary checks disabled$NO_LABEL$Notice: Volume Device Path is %s$Opened %s for %s write access$Waiting for access on %s...$Warning: Could not obtain exclusive rights. Retrying with write sharing enabled...$exclusive$shared
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: c91eab483464cf0e6958e71cb692a367de16c87cfe2d3988e2c7a53a9560a221
                                                                                                  • Instruction ID: 36986a9629897148bd62b098863d32d628882b75fdcafaa83ab563459d25f17b
                                                                                                  • Opcode Fuzzy Hash: c91eab483464cf0e6958e71cb692a367de16c87cfe2d3988e2c7a53a9560a221
                                                                                                  • Instruction Fuzzy Hash: 7571B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 887a5f588ee0d73e9560dbdefc6334124d98741dd46f8449fbb430570cca4976
                                                                                                  • Instruction ID: ee9eb5231ffb04f93fd5c81de77457dd4ef72a95a1b8180b1021e087b578f603
                                                                                                  • Opcode Fuzzy Hash: 887a5f588ee0d73e9560dbdefc6334124d98741dd46f8449fbb430570cca4976
                                                                                                  • Instruction Fuzzy Hash: F471B363A1C60389FA12DB21E5503B9A350AF62785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 9d64095802c9326f3e243a578da5c2bfebae6c259ebb43fcb6bf23e6fec64c46
                                                                                                  • Instruction ID: 32d1479de7b53a8c369d85d5c6a17bdd5ac5609727a8cc4aabffa0e4ed666f95
                                                                                                  • Opcode Fuzzy Hash: 9d64095802c9326f3e243a578da5c2bfebae6c259ebb43fcb6bf23e6fec64c46
                                                                                                  • Instruction Fuzzy Hash: 7971B363A1C60389FA12DB61E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 58a5edd00ef0995c83750c7fdf22ad31f89599ac4567917e345fc1bea5cf9f8e
                                                                                                  • Instruction ID: 41803038b2e7745f04f61918b1666aa3a5b13a26b145937fc89daf3c08cf598e
                                                                                                  • Opcode Fuzzy Hash: 58a5edd00ef0995c83750c7fdf22ad31f89599ac4567917e345fc1bea5cf9f8e
                                                                                                  • Instruction Fuzzy Hash: 4871B363A1C60389FA12DB21E5503B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 49e37677394a5185de884e4e80826895aaeeab80742cd0aa56e76cb2b5f7f537
                                                                                                  • Instruction ID: efefaa2e991664afd6e7d528a4ec392ddec8ea03a8f03cfe6d4662db245d0742
                                                                                                  • Opcode Fuzzy Hash: 49e37677394a5185de884e4e80826895aaeeab80742cd0aa56e76cb2b5f7f537
                                                                                                  • Instruction Fuzzy Hash: 9671B363A1C60389FA12DB61E5543B9A760AF52785F540835DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 518aa35f13022df2ad8a7735580d586be280fd9c8c130e15adb194ce72591c2c
                                                                                                  • Instruction ID: ed37bb48a62d1a536068637477b4a40ceaabac32abcfaba3a071d6cb41bc9523
                                                                                                  • Opcode Fuzzy Hash: 518aa35f13022df2ad8a7735580d586be280fd9c8c130e15adb194ce72591c2c
                                                                                                  • Instruction Fuzzy Hash: 1E71B363A1C60389FA12DB21E5543B9A350AF52785F540436DE0EC76E5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: a661d0597aba105d2d797db170409455300a76d3d4a55ffb182a446d9b8ddc45
                                                                                                  • Instruction ID: caace9a214d8879ebff27308bc4baedfdc8e56abe8e1e72092eb8fbb76eece37
                                                                                                  • Opcode Fuzzy Hash: a661d0597aba105d2d797db170409455300a76d3d4a55ffb182a446d9b8ddc45
                                                                                                  • Instruction Fuzzy Hash: A371B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: bc7c3c640425a4a4d4aa4369d43b0c2242c0979faeabc26e5d9e9366666ba621
                                                                                                  • Instruction ID: 6a617984a38fdf47e5c0bf9eb4709e8832e2fcaa262f7617082c46125359373f
                                                                                                  • Opcode Fuzzy Hash: bc7c3c640425a4a4d4aa4369d43b0c2242c0979faeabc26e5d9e9366666ba621
                                                                                                  • Instruction Fuzzy Hash: 6171B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 5a44bb13d79ebcda99b93b6b39cc42a9624fe01573c06eedf6e9ec2c8e1f53a1
                                                                                                  • Instruction ID: b8aeeffadec2a65f16763c030b546010744329319f36b0a7101aaf7fc2780793
                                                                                                  • Opcode Fuzzy Hash: 5a44bb13d79ebcda99b93b6b39cc42a9624fe01573c06eedf6e9ec2c8e1f53a1
                                                                                                  • Instruction Fuzzy Hash: 1571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 0033c1f84cfbd1a7e68227ecd8ee032d2475f592f4dc8fb193131b47056d8f28
                                                                                                  • Instruction ID: 313b621c933932322137be35ab24953c089274f530ce87239d7654c5084014de
                                                                                                  • Opcode Fuzzy Hash: 0033c1f84cfbd1a7e68227ecd8ee032d2475f592f4dc8fb193131b47056d8f28
                                                                                                  • Instruction Fuzzy Hash: 2971B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 7472b3180481da532099c26278febf796c9111a7799d8cf31be59c7fc385f257
                                                                                                  • Instruction ID: b4a77fc39818f1a0c7c435c566afd77f51373ecc512986b9d20a104372fdd533
                                                                                                  • Opcode Fuzzy Hash: 7472b3180481da532099c26278febf796c9111a7799d8cf31be59c7fc385f257
                                                                                                  • Instruction Fuzzy Hash: 4D71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 03e1c8bb957773353b7236715db9ce65c85f16c4ea02cfe716d1d3abc1502543
                                                                                                  • Instruction ID: 876ae38e23f14d0c72c2477704b12cb21e85a0bf8b4e50f9ac67aeb63dd52ae0
                                                                                                  • Opcode Fuzzy Hash: 03e1c8bb957773353b7236715db9ce65c85f16c4ea02cfe716d1d3abc1502543
                                                                                                  • Instruction Fuzzy Hash: 5971B363A1C60389FA12DB21E5543B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: dc1a82482a5b08f46d88319c0470fdfd0bf43dd2a7be6d888b36a3e6d04a9d65
                                                                                                  • Instruction ID: e18ad9381ab7a2041bdc3a1b90390c46bf52ea31e1cd7268514469ded3abe037
                                                                                                  • Opcode Fuzzy Hash: dc1a82482a5b08f46d88319c0470fdfd0bf43dd2a7be6d888b36a3e6d04a9d65
                                                                                                  • Instruction Fuzzy Hash: 8571B363A1C60389FA12DB21E5503B9A350AF62785F540835DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 490000b96587796489176d26d8399de8ad173a1c2c573926d287036d6c0e4298
                                                                                                  • Instruction ID: 587900d5f7ff4c769f0ad6104eb285462938f9b825379282638fdb57509d9b48
                                                                                                  • Opcode Fuzzy Hash: 490000b96587796489176d26d8399de8ad173a1c2c573926d287036d6c0e4298
                                                                                                  • Instruction Fuzzy Hash: 1471B263A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 43fd970bcea8c3d99aaceecb69480298ba1934b33044ab5b5257eacf2d582f18
                                                                                                  • Instruction ID: dc884af8a54e2446124ce318339e322f1ea17b07133ea57c7bfd7737bb04bd58
                                                                                                  • Opcode Fuzzy Hash: 43fd970bcea8c3d99aaceecb69480298ba1934b33044ab5b5257eacf2d582f18
                                                                                                  • Instruction Fuzzy Hash: 5571B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 8375400675d90c66e9d990e694a897045afd700da366df3b89053b70f5c35284
                                                                                                  • Instruction ID: 1b94711b2596a434d97798270e9624ec0964c1f63756660ebbeb387d971b6603
                                                                                                  • Opcode Fuzzy Hash: 8375400675d90c66e9d990e694a897045afd700da366df3b89053b70f5c35284
                                                                                                  • Instruction Fuzzy Hash: F571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 74d84fbe29d03753f27e498e85d9201f49e70862d441c0f963a66381cac01e9d
                                                                                                  • Instruction ID: 42fb1464c69c1395b4063d0f87e67acda02300847b7f4bb2e63d1ef5fbe94509
                                                                                                  • Opcode Fuzzy Hash: 74d84fbe29d03753f27e498e85d9201f49e70862d441c0f963a66381cac01e9d
                                                                                                  • Instruction Fuzzy Hash: 5771B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D6FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  • Associated: 0000000B.00000002.68344637288.00007FF6ED2E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3DF000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3E7000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F5000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FE000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B4000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED6B0000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68346458769.00007FF6ED6B4000.00000004.00000001.01000000.00000006.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 9e24bd673a78036928205cffa417f9289cc903152949b7bd87bcc41acf226b88
                                                                                                  • Instruction ID: ef2f0ded779f81612c8173292ad55e897381232b9ee52a97d45ae8200db94998
                                                                                                  • Opcode Fuzzy Hash: 9e24bd673a78036928205cffa417f9289cc903152949b7bd87bcc41acf226b88
                                                                                                  • Instruction Fuzzy Hash: F871B363A1C60389FA12DB21E5543B9A750AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: cc04a6f2eab6eb5ee36eb745cf1bf3bb6ce75cd58d66239c230be3f4e73ba0eb
                                                                                                  • Instruction ID: f163a6e0d8f5e8b8e2f06a7bb4f47494d2beadd4713f2a95cf873d5dce902b4b
                                                                                                  • Opcode Fuzzy Hash: cc04a6f2eab6eb5ee36eb745cf1bf3bb6ce75cd58d66239c230be3f4e73ba0eb
                                                                                                  • Instruction Fuzzy Hash: 9071B363A1C60389FA12DB21E5543B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: b9429e38d9c2ac250f104b07f9771c487f8cf5f3ecdd8eb5c3587d9c90adeca9
                                                                                                  • Instruction ID: e6dbf56774c8dd45036ff4ea2df4ac251c14a633e8dfbac0eca2ba9e8435029d
                                                                                                  • Opcode Fuzzy Hash: b9429e38d9c2ac250f104b07f9771c487f8cf5f3ecdd8eb5c3587d9c90adeca9
                                                                                                  • Instruction Fuzzy Hash: 4271B363A1C60389FA12DB61E5503B9A350AF52785F940435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 17794dfff4ab024f6b2d07c8827615385516b0911a7809925ed3c740c605cd00
                                                                                                  • Instruction ID: 607b0713710eefcdad2c6ab35b33f2cada92361f8503187120ad1d80f62c066f
                                                                                                  • Opcode Fuzzy Hash: 17794dfff4ab024f6b2d07c8827615385516b0911a7809925ed3c740c605cd00
                                                                                                  • Instruction Fuzzy Hash: 7B71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: d7cd5bc7cfc5fbef5aa969ffd647c7b16cf0df8072f0c95c82da88475522ce0c
                                                                                                  • Instruction ID: 581b0e4529076dfbf16968b10c3d8a64f176d5ee10e11fffc8932153ae264247
                                                                                                  • Opcode Fuzzy Hash: d7cd5bc7cfc5fbef5aa969ffd647c7b16cf0df8072f0c95c82da88475522ce0c
                                                                                                  • Instruction Fuzzy Hash: 7E71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76E5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: fb43e7ec631b7525565816ef570ad606b10d0d09f80cccccad6495e45324e1f2
                                                                                                  • Instruction ID: 00fd3a914febfb952354c065790d8ce4a11bc5c753edf188814bf26d3ffd9573
                                                                                                  • Opcode Fuzzy Hash: fb43e7ec631b7525565816ef570ad606b10d0d09f80cccccad6495e45324e1f2
                                                                                                  • Instruction Fuzzy Hash: D171B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 3832474fa49000fbb9cc3be254a637e16b2b52c033b4c371aa9c4e64b3889c55
                                                                                                  • Instruction ID: ef2f0ded779f81612c8173292ad55e897381232b9ee52a97d45ae8200db94998
                                                                                                  • Opcode Fuzzy Hash: 3832474fa49000fbb9cc3be254a637e16b2b52c033b4c371aa9c4e64b3889c55
                                                                                                  • Instruction Fuzzy Hash: F871B363A1C60389FA12DB21E5543B9A750AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 0184c1e28eda053659ff8a9d549a2e2c4c24f05ba77deb39f9488e5f36378e0a
                                                                                                  • Instruction ID: 1b94711b2596a434d97798270e9624ec0964c1f63756660ebbeb387d971b6603
                                                                                                  • Opcode Fuzzy Hash: 0184c1e28eda053659ff8a9d549a2e2c4c24f05ba77deb39f9488e5f36378e0a
                                                                                                  • Instruction Fuzzy Hash: F571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: b872234f255fd7586404492329b8f16debe9b28c75e5cb79e99b804b02b3ef37
                                                                                                  • Instruction ID: d2db000edb1dba16a4d57d5b60631ac6bacf234ae845cf99a8d2623da310d2e6
                                                                                                  • Opcode Fuzzy Hash: b872234f255fd7586404492329b8f16debe9b28c75e5cb79e99b804b02b3ef37
                                                                                                  • Instruction Fuzzy Hash: D671B363A1C60389FA12DB21E5503B9A350AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 62611561ccde8c130d725645fc2f8799ce839e9a6b27ea73fe09f7770c0bbf4b
                                                                                                  • Instruction ID: f163a6e0d8f5e8b8e2f06a7bb4f47494d2beadd4713f2a95cf873d5dce902b4b
                                                                                                  • Opcode Fuzzy Hash: 62611561ccde8c130d725645fc2f8799ce839e9a6b27ea73fe09f7770c0bbf4b
                                                                                                  • Instruction Fuzzy Hash: 9071B363A1C60389FA12DB21E5543B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 018278847b4b8da3a39f4b211106b47eb5444cd6a8e3f218c0ed39deeb5c9926
                                                                                                  • Instruction ID: e6dbf56774c8dd45036ff4ea2df4ac251c14a633e8dfbac0eca2ba9e8435029d
                                                                                                  • Opcode Fuzzy Hash: 018278847b4b8da3a39f4b211106b47eb5444cd6a8e3f218c0ed39deeb5c9926
                                                                                                  • Instruction Fuzzy Hash: 4271B363A1C60389FA12DB61E5503B9A350AF52785F940435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 17794dfff4ab024f6b2d07c8827615385516b0911a7809925ed3c740c605cd00
                                                                                                  • Instruction ID: 57c45b671548c719bd7728650f666cab972c679ece969e35610d716b7d0a4155
                                                                                                  • Opcode Fuzzy Hash: 17794dfff4ab024f6b2d07c8827615385516b0911a7809925ed3c740c605cd00
                                                                                                  • Instruction Fuzzy Hash: E971B363A1C60389FA16DB21E5503B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 919a052a19dabe567f187d5f2680da03eb2656ee1094e6ca07990cc6b35fc4a7
                                                                                                  • Instruction ID: 2f93c26f37871671e4478406479e0a92a7087be2e01b97a43d34a023c7e992f4
                                                                                                  • Opcode Fuzzy Hash: 919a052a19dabe567f187d5f2680da03eb2656ee1094e6ca07990cc6b35fc4a7
                                                                                                  • Instruction Fuzzy Hash: C971B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 39379f456b2f5270f66726cfe2de185a2c43bc52d253966aeba85cccf8db0634
                                                                                                  • Instruction ID: bf40d923fb1105bb2cbc886a558fd40782874fdfbb0ac6eb392da90b20fc6585
                                                                                                  • Opcode Fuzzy Hash: 39379f456b2f5270f66726cfe2de185a2c43bc52d253966aeba85cccf8db0634
                                                                                                  • Instruction Fuzzy Hash: CE71B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: cf4dc451f9ec9cd3fe083abefbc1e388d70db73d52ca782f0122b9397fcee150
                                                                                                  • Instruction ID: 1b94711b2596a434d97798270e9624ec0964c1f63756660ebbeb387d971b6603
                                                                                                  • Opcode Fuzzy Hash: cf4dc451f9ec9cd3fe083abefbc1e388d70db73d52ca782f0122b9397fcee150
                                                                                                  • Instruction Fuzzy Hash: F571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 989d396c215131b381098601eb77311274d8d02473378389d343a479951eb86b
                                                                                                  • Instruction ID: b141c21bfeed4ac24697efcce2bbdc73ef431b346e7872a834565b6ec94d3b56
                                                                                                  • Opcode Fuzzy Hash: 989d396c215131b381098601eb77311274d8d02473378389d343a479951eb86b
                                                                                                  • Instruction Fuzzy Hash: 7371B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 7167600c2ad0e910aa01e35a61209bd125f6eec4fb564825d02f878d250016fe
                                                                                                  • Instruction ID: 3e4a1866e7ea15c07e94d7c79f5994b0bd66162fc014827bf3de411e052b3f5e
                                                                                                  • Opcode Fuzzy Hash: 7167600c2ad0e910aa01e35a61209bd125f6eec4fb564825d02f878d250016fe
                                                                                                  • Instruction Fuzzy Hash: 3A71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: bedd13aacf1ff85976785c41c7c221f7739ed1f22e9480e40b737cf8957fb203
                                                                                                  • Instruction ID: 2bad0f1419da0708339752352b30e37713ac67d3b6b1dd48be7803c029a04d65
                                                                                                  • Opcode Fuzzy Hash: bedd13aacf1ff85976785c41c7c221f7739ed1f22e9480e40b737cf8957fb203
                                                                                                  • Instruction Fuzzy Hash: 8971B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76E5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: bbae9a8c013f77e08393ac0c7298178ec732fe3c95b3309311ec54b927ad94ed
                                                                                                  • Instruction ID: 00fd3a914febfb952354c065790d8ce4a11bc5c753edf188814bf26d3ffd9573
                                                                                                  • Opcode Fuzzy Hash: bbae9a8c013f77e08393ac0c7298178ec732fe3c95b3309311ec54b927ad94ed
                                                                                                  • Instruction Fuzzy Hash: D171B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 2bf341b3fcc74b4d4a9c570b204b16a7e50eacbfe21544121dd4ca2e656c45df
                                                                                                  • Instruction ID: d2db000edb1dba16a4d57d5b60631ac6bacf234ae845cf99a8d2623da310d2e6
                                                                                                  • Opcode Fuzzy Hash: 2bf341b3fcc74b4d4a9c570b204b16a7e50eacbfe21544121dd4ca2e656c45df
                                                                                                  • Instruction Fuzzy Hash: D671B363A1C60389FA12DB21E5503B9A350AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 7ac7268aeb249af8874b493679ee6d15845833897e3027cd5c83f6e24ab3fe2c
                                                                                                  • Instruction ID: 07eb157d69fa3f4a0e27462eae2b55bd3d87744d5607eb41f9b1b2130b67f92f
                                                                                                  • Opcode Fuzzy Hash: 7ac7268aeb249af8874b493679ee6d15845833897e3027cd5c83f6e24ab3fe2c
                                                                                                  • Instruction Fuzzy Hash: 4F71B363A1C60389FA16DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 0891bcd3cf46656ec8994cad66245f13d6900c95bba8cbcc804027df47ed2125
                                                                                                  • Instruction ID: 524d95e8765cb3dcdc0042d620e6c8e21f1a218acc9196a3db06af3eed6be036
                                                                                                  • Opcode Fuzzy Hash: 0891bcd3cf46656ec8994cad66245f13d6900c95bba8cbcc804027df47ed2125
                                                                                                  • Instruction Fuzzy Hash: 7471B363A1C60389FA12DB61E5503B9A750AF52785F540835DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 574e3eb3a1593461e40713390c4f647e859991aa0fb7b944da5a95ef21f86426
                                                                                                  • Instruction ID: 61783bbc5fdbe2e04c4c5eb881f1958cf47d8f62bad4366d2ecb042e4d3458d9
                                                                                                  • Opcode Fuzzy Hash: 574e3eb3a1593461e40713390c4f647e859991aa0fb7b944da5a95ef21f86426
                                                                                                  • Instruction Fuzzy Hash: BF71B363A1C60389FA12DB21E5503B9A750AF56785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 9de90d57998f179b28357c6df04e8027b1beb91a595e6f6bab6f05168f127605
                                                                                                  • Instruction ID: a1a516d53e7ef27b230c27bedaacf0d85bc8edb38b7ac5bef28b7e1c933368d0
                                                                                                  • Opcode Fuzzy Hash: 9de90d57998f179b28357c6df04e8027b1beb91a595e6f6bab6f05168f127605
                                                                                                  • Instruction Fuzzy Hash: D571B363A1C60389FA12DB21E5503B9A750AF56785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 8376e8f584997ffd8c4bfd50fb96c19ca27f1520da82302a918681fe6a07d3ef
                                                                                                  • Instruction ID: 234914ec3354277bae9b5096253ede66af9ac1f6980ecd16a1fd17fd785dbb03
                                                                                                  • Opcode Fuzzy Hash: 8376e8f584997ffd8c4bfd50fb96c19ca27f1520da82302a918681fe6a07d3ef
                                                                                                  • Instruction Fuzzy Hash: 6B71B363A1C60389FA12DB21E5503B9A750AF56785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 4ed4fef3cf602ea089f43511397fe0f2c057610f7faff8f60a71f4652587a4c5
                                                                                                  • Instruction ID: cabef54a001c7f1b878847d34e99423b5ab992d849fcd6254aaf601665e3305d
                                                                                                  • Opcode Fuzzy Hash: 4ed4fef3cf602ea089f43511397fe0f2c057610f7faff8f60a71f4652587a4c5
                                                                                                  • Instruction Fuzzy Hash: 1771B363A1C60389FA12DB21E5503B9A750AF56785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 5aa9498e38df2948957133b87671cbdc7e4e99e08c1065b17cc07510cac332d2
                                                                                                  • Instruction ID: 7d53f1779f6fc3f480850e460a997a80f562542c5a4c88d95436fe4556f8a7f2
                                                                                                  • Opcode Fuzzy Hash: 5aa9498e38df2948957133b87671cbdc7e4e99e08c1065b17cc07510cac332d2
                                                                                                  • Instruction Fuzzy Hash: E771B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 4b2b325b18e6600f6ee35353a8555ec70688f272ca837d9635202f07725dd55a
                                                                                                  • Instruction ID: 686e98152ea69c1a7d9b24f237835ba07e23936503c1125bed51c5fac9f7b747
                                                                                                  • Opcode Fuzzy Hash: 4b2b325b18e6600f6ee35353a8555ec70688f272ca837d9635202f07725dd55a
                                                                                                  • Instruction Fuzzy Hash: 8771B363A1C60389FA12DB21E5503B9A350AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: f1d7278efd9bf586cbc12628913417d3bf8b8ab2c19f8b3a92a880390c98857f
                                                                                                  • Instruction ID: 234914ec3354277bae9b5096253ede66af9ac1f6980ecd16a1fd17fd785dbb03
                                                                                                  • Opcode Fuzzy Hash: f1d7278efd9bf586cbc12628913417d3bf8b8ab2c19f8b3a92a880390c98857f
                                                                                                  • Instruction Fuzzy Hash: 6B71B363A1C60389FA12DB21E5503B9A750AF56785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 0f24de26a557cffcc2b5c1172de631ffd5b58e830f0dd160a8d1e103a202b87c
                                                                                                  • Instruction ID: 8308ef73bdcd8d43b2907437be2ed1e1508aa8169fdb6285acf50ba031a1b23a
                                                                                                  • Opcode Fuzzy Hash: 0f24de26a557cffcc2b5c1172de631ffd5b58e830f0dd160a8d1e103a202b87c
                                                                                                  • Instruction Fuzzy Hash: F571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e23f90c96920e5e169e69c533c7cabfef7bcd5adf6750919f436fca5408c7f47
                                                                                                  • Instruction ID: 61783bbc5fdbe2e04c4c5eb881f1958cf47d8f62bad4366d2ecb042e4d3458d9
                                                                                                  • Opcode Fuzzy Hash: e23f90c96920e5e169e69c533c7cabfef7bcd5adf6750919f436fca5408c7f47
                                                                                                  • Instruction Fuzzy Hash: BF71B363A1C60389FA12DB21E5503B9A750AF56785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 06ec8afe68de0e7c95e3fb2d7e96eec9c24c4dec178829c8d59de7329bb95776
                                                                                                  • Instruction ID: 313b621c933932322137be35ab24953c089274f530ce87239d7654c5084014de
                                                                                                  • Opcode Fuzzy Hash: 06ec8afe68de0e7c95e3fb2d7e96eec9c24c4dec178829c8d59de7329bb95776
                                                                                                  • Instruction Fuzzy Hash: 2971B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e2c546ee92a80230f2b13abf509fb28da14bf94092ae0fd92c28a22d6a8b30b0
                                                                                                  • Instruction ID: 8969169525f40d513b4a0d865eafd6854a3774adc17ce6084935569a6b9c4b18
                                                                                                  • Opcode Fuzzy Hash: e2c546ee92a80230f2b13abf509fb28da14bf94092ae0fd92c28a22d6a8b30b0
                                                                                                  • Instruction Fuzzy Hash: FE71B363A1C60389FA12DB21E5503B9A750AF56785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: fb8b569e879b729c01834cf21b00f7e60602b494b26e72090e2dfa9b7b0535d5
                                                                                                  • Instruction ID: 7c0f23257938b0e8e706c75f955dacf3acf0936e5a1c6e57da0198f08ad767d4
                                                                                                  • Opcode Fuzzy Hash: fb8b569e879b729c01834cf21b00f7e60602b494b26e72090e2dfa9b7b0535d5
                                                                                                  • Instruction Fuzzy Hash: 4771B363A1C60389FA12DB21E5503B9A750AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e027324d0e98445f8b674db502021c7967aa3f347ac1fcce6722838837dc9a57
                                                                                                  • Instruction ID: 524d95e8765cb3dcdc0042d620e6c8e21f1a218acc9196a3db06af3eed6be036
                                                                                                  • Opcode Fuzzy Hash: e027324d0e98445f8b674db502021c7967aa3f347ac1fcce6722838837dc9a57
                                                                                                  • Instruction Fuzzy Hash: 7471B363A1C60389FA12DB61E5503B9A750AF52785F540835DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 91ffc1693e4652388a752c1d5ee47cb0ca1abf1339e073fc106f75fa74ba097a
                                                                                                  • Instruction ID: 41803038b2e7745f04f61918b1666aa3a5b13a26b145937fc89daf3c08cf598e
                                                                                                  • Opcode Fuzzy Hash: 91ffc1693e4652388a752c1d5ee47cb0ca1abf1339e073fc106f75fa74ba097a
                                                                                                  • Instruction Fuzzy Hash: 4871B363A1C60389FA12DB21E5503B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: fb8b569e879b729c01834cf21b00f7e60602b494b26e72090e2dfa9b7b0535d5
                                                                                                  • Instruction ID: e43fad5552fb4ad9f721d61aec0990f41a2c525dc8dfa833db17f2fc964d9160
                                                                                                  • Opcode Fuzzy Hash: fb8b569e879b729c01834cf21b00f7e60602b494b26e72090e2dfa9b7b0535d5
                                                                                                  • Instruction Fuzzy Hash: 1A71B363A1C60389FA12DB21E5543B9A750AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: fe5f6f4b7f6f373e35750274ded0f3d4d123d807c271bd9ac93c2b913de669ea
                                                                                                  • Instruction ID: 76303a8e2c5ce899101eb3f37ece551443364c85ecb96f9cc9501912e1837801
                                                                                                  • Opcode Fuzzy Hash: fe5f6f4b7f6f373e35750274ded0f3d4d123d807c271bd9ac93c2b913de669ea
                                                                                                  • Instruction Fuzzy Hash: 1A71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 91ffc1693e4652388a752c1d5ee47cb0ca1abf1339e073fc106f75fa74ba097a
                                                                                                  • Instruction ID: 876ae38e23f14d0c72c2477704b12cb21e85a0bf8b4e50f9ac67aeb63dd52ae0
                                                                                                  • Opcode Fuzzy Hash: 91ffc1693e4652388a752c1d5ee47cb0ca1abf1339e073fc106f75fa74ba097a
                                                                                                  • Instruction Fuzzy Hash: 5971B363A1C60389FA12DB21E5543B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 84160bb77d74993d8654b1ad7f6c3bc9d1e71c76802eff19d89f6f8e908c4829
                                                                                                  • Instruction ID: c96398e1e23f9d0e391389a40c16cae31c010e51304d6f2e3f14dfe9315e39d2
                                                                                                  • Opcode Fuzzy Hash: 84160bb77d74993d8654b1ad7f6c3bc9d1e71c76802eff19d89f6f8e908c4829
                                                                                                  • Instruction Fuzzy Hash: 6971B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D6FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 7d873f6b7a1ba9424c2a510b9472fb114706f58fb3d6068b41614366bfe3df1f
                                                                                                  • Instruction ID: e6dbf56774c8dd45036ff4ea2df4ac251c14a633e8dfbac0eca2ba9e8435029d
                                                                                                  • Opcode Fuzzy Hash: 7d873f6b7a1ba9424c2a510b9472fb114706f58fb3d6068b41614366bfe3df1f
                                                                                                  • Instruction Fuzzy Hash: 4271B363A1C60389FA12DB61E5503B9A350AF52785F940435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 84160bb77d74993d8654b1ad7f6c3bc9d1e71c76802eff19d89f6f8e908c4829
                                                                                                  • Instruction ID: 938728e7dba16def0241564f786174f20cf1c864e3966cc7683ac6568c043479
                                                                                                  • Opcode Fuzzy Hash: 84160bb77d74993d8654b1ad7f6c3bc9d1e71c76802eff19d89f6f8e908c4829
                                                                                                  • Instruction Fuzzy Hash: 4371B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e018d993263c5b9d7d1f26870625e9d30bdd7eee5a74ed61515bf1634c70f6fa
                                                                                                  • Instruction ID: cc613bbb8b5d47b84baa8be5f42edf3bf1047f09be6af47052930e77fac0850a
                                                                                                  • Opcode Fuzzy Hash: e018d993263c5b9d7d1f26870625e9d30bdd7eee5a74ed61515bf1634c70f6fa
                                                                                                  • Instruction Fuzzy Hash: E071B363A1C60389FA12DB21E5503B9A350AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e548ac87e354430e6461fd4453f36b54261f3060e3f04764d1d9df34ade81359
                                                                                                  • Instruction ID: 6d2b2562cec359dfd78a95f4e1326eca285bf4ae42b5ca70a0bb5b12c03392ee
                                                                                                  • Opcode Fuzzy Hash: e548ac87e354430e6461fd4453f36b54261f3060e3f04764d1d9df34ade81359
                                                                                                  • Instruction Fuzzy Hash: AB71B363A1C60389FA16DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: ac70b78d1475c5c10c5bf3bd92eb6ad6fc3cbec50d953f89693dd5b862269f9c
                                                                                                  • Instruction ID: 607b0713710eefcdad2c6ab35b33f2cada92361f8503187120ad1d80f62c066f
                                                                                                  • Opcode Fuzzy Hash: ac70b78d1475c5c10c5bf3bd92eb6ad6fc3cbec50d953f89693dd5b862269f9c
                                                                                                  • Instruction Fuzzy Hash: 7B71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: fe5f6f4b7f6f373e35750274ded0f3d4d123d807c271bd9ac93c2b913de669ea
                                                                                                  • Instruction ID: 7d53f1779f6fc3f480850e460a997a80f562542c5a4c88d95436fe4556f8a7f2
                                                                                                  • Opcode Fuzzy Hash: fe5f6f4b7f6f373e35750274ded0f3d4d123d807c271bd9ac93c2b913de669ea
                                                                                                  • Instruction Fuzzy Hash: E771B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 9bec890f8274a68868b6a48fd113f48d6d6f31fc0b702a35060a2268c99c17eb
                                                                                                  • Instruction ID: efefaa2e991664afd6e7d528a4ec392ddec8ea03a8f03cfe6d4662db245d0742
                                                                                                  • Opcode Fuzzy Hash: 9bec890f8274a68868b6a48fd113f48d6d6f31fc0b702a35060a2268c99c17eb
                                                                                                  • Instruction Fuzzy Hash: 9671B363A1C60389FA12DB61E5543B9A760AF52785F540835DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e9bc1df8ba0ee46fb3e551e20512fbf21561fff3234cd597ccd3285ad7a879b0
                                                                                                  • Instruction ID: e18ad9381ab7a2041bdc3a1b90390c46bf52ea31e1cd7268514469ded3abe037
                                                                                                  • Opcode Fuzzy Hash: e9bc1df8ba0ee46fb3e551e20512fbf21561fff3234cd597ccd3285ad7a879b0
                                                                                                  • Instruction Fuzzy Hash: 8571B363A1C60389FA12DB21E5503B9A350AF62785F540835DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: ba5cc45b170d64934174da68edb334f47e61e9124311548a5f689ba9065f3fb8
                                                                                                  • Instruction ID: 32d1479de7b53a8c369d85d5c6a17bdd5ac5609727a8cc4aabffa0e4ed666f95
                                                                                                  • Opcode Fuzzy Hash: ba5cc45b170d64934174da68edb334f47e61e9124311548a5f689ba9065f3fb8
                                                                                                  • Instruction Fuzzy Hash: 7971B363A1C60389FA12DB61E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 5c7d4254dc7125bd6a01760d26ee4222b232564450fc3c2c33683aed2a51fe5e
                                                                                                  • Instruction ID: ee9eb5231ffb04f93fd5c81de77457dd4ef72a95a1b8180b1021e087b578f603
                                                                                                  • Opcode Fuzzy Hash: 5c7d4254dc7125bd6a01760d26ee4222b232564450fc3c2c33683aed2a51fe5e
                                                                                                  • Instruction Fuzzy Hash: F471B363A1C60389FA12DB21E5503B9A350AF62785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 040e7077b4e3ce65713a8c7413dca7d49b89b2dfcbdeadd7423d3a6e638cf77a
                                                                                                  • Instruction ID: dc884af8a54e2446124ce318339e322f1ea17b07133ea57c7bfd7737bb04bd58
                                                                                                  • Opcode Fuzzy Hash: 040e7077b4e3ce65713a8c7413dca7d49b89b2dfcbdeadd7423d3a6e638cf77a
                                                                                                  • Instruction Fuzzy Hash: 5571B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: f926a220a59f58abf7a1b89fb2420ff23fc41d861c3ff0d5ea6d32f8663b5156
                                                                                                  • Instruction ID: b8aeeffadec2a65f16763c030b546010744329319f36b0a7101aaf7fc2780793
                                                                                                  • Opcode Fuzzy Hash: f926a220a59f58abf7a1b89fb2420ff23fc41d861c3ff0d5ea6d32f8663b5156
                                                                                                  • Instruction Fuzzy Hash: 1571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: efeafbfa4e572677c82cbefafa89cda5a1d8a80305df983b1745180bd1ffa4fd
                                                                                                  • Instruction ID: caace9a214d8879ebff27308bc4baedfdc8e56abe8e1e72092eb8fbb76eece37
                                                                                                  • Opcode Fuzzy Hash: efeafbfa4e572677c82cbefafa89cda5a1d8a80305df983b1745180bd1ffa4fd
                                                                                                  • Instruction Fuzzy Hash: A371B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: f09e53e95a5c70a319158c44dac92669976a2334cea6a7c4c9a5f552d632c70a
                                                                                                  • Instruction ID: ef2f0ded779f81612c8173292ad55e897381232b9ee52a97d45ae8200db94998
                                                                                                  • Opcode Fuzzy Hash: f09e53e95a5c70a319158c44dac92669976a2334cea6a7c4c9a5f552d632c70a
                                                                                                  • Instruction Fuzzy Hash: F871B363A1C60389FA12DB21E5543B9A750AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: fe5a74ffd406b7185669d6e17053228f75fc83ee91eccf6e7a98c4bcd94dddac
                                                                                                  • Instruction ID: e43fad5552fb4ad9f721d61aec0990f41a2c525dc8dfa833db17f2fc964d9160
                                                                                                  • Opcode Fuzzy Hash: fe5a74ffd406b7185669d6e17053228f75fc83ee91eccf6e7a98c4bcd94dddac
                                                                                                  • Instruction Fuzzy Hash: 1A71B363A1C60389FA12DB21E5543B9A750AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 702b378c2b5d42d465bbd8b035dd1f4598e0e8153d60136b049246bed60c4afa
                                                                                                  • Instruction ID: f163a6e0d8f5e8b8e2f06a7bb4f47494d2beadd4713f2a95cf873d5dce902b4b
                                                                                                  • Opcode Fuzzy Hash: 702b378c2b5d42d465bbd8b035dd1f4598e0e8153d60136b049246bed60c4afa
                                                                                                  • Instruction Fuzzy Hash: 9071B363A1C60389FA12DB21E5543B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: cde1d2e244ff631795244f66ec3fe13f4b09a7eadc6432b2cb97cc71261faa65
                                                                                                  • Instruction ID: b141c21bfeed4ac24697efcce2bbdc73ef431b346e7872a834565b6ec94d3b56
                                                                                                  • Opcode Fuzzy Hash: cde1d2e244ff631795244f66ec3fe13f4b09a7eadc6432b2cb97cc71261faa65
                                                                                                  • Instruction Fuzzy Hash: 7371B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 5843c9413ea632ec1b089410128f26bb7d9ce2ce403c0da2398b2140b0a9219f
                                                                                                  • Instruction ID: 607b0713710eefcdad2c6ab35b33f2cada92361f8503187120ad1d80f62c066f
                                                                                                  • Opcode Fuzzy Hash: 5843c9413ea632ec1b089410128f26bb7d9ce2ce403c0da2398b2140b0a9219f
                                                                                                  • Instruction Fuzzy Hash: 7B71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 1c38227aae4afd6504c9d5efe1ff24dbcb6a0a5402a66744ad53ef628cdbe9db
                                                                                                  • Instruction ID: 6a617984a38fdf47e5c0bf9eb4709e8832e2fcaa262f7617082c46125359373f
                                                                                                  • Opcode Fuzzy Hash: 1c38227aae4afd6504c9d5efe1ff24dbcb6a0a5402a66744ad53ef628cdbe9db
                                                                                                  • Instruction Fuzzy Hash: 6171B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 3755fe8cba3d0531cd7ef182604b58f05b709c32c23bf51f9085158147d28336
                                                                                                  • Instruction ID: e6dbf56774c8dd45036ff4ea2df4ac251c14a633e8dfbac0eca2ba9e8435029d
                                                                                                  • Opcode Fuzzy Hash: 3755fe8cba3d0531cd7ef182604b58f05b709c32c23bf51f9085158147d28336
                                                                                                  • Instruction Fuzzy Hash: 4271B363A1C60389FA12DB61E5503B9A350AF52785F940435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: d79356ba4ee4fe492a9761a4d67eaee98d24c0f4005ae01bbe3a4e119b07c229
                                                                                                  • Instruction ID: c96398e1e23f9d0e391389a40c16cae31c010e51304d6f2e3f14dfe9315e39d2
                                                                                                  • Opcode Fuzzy Hash: d79356ba4ee4fe492a9761a4d67eaee98d24c0f4005ae01bbe3a4e119b07c229
                                                                                                  • Instruction Fuzzy Hash: 6971B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D6FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: b2a3f4f7c9fd9030b0d31537cb97c0b59a9d5d2b48df46b48e38531d02455a59
                                                                                                  • Instruction ID: 313b621c933932322137be35ab24953c089274f530ce87239d7654c5084014de
                                                                                                  • Opcode Fuzzy Hash: b2a3f4f7c9fd9030b0d31537cb97c0b59a9d5d2b48df46b48e38531d02455a59
                                                                                                  • Instruction Fuzzy Hash: 2971B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 54bfed08e9b2ec872ee244b720c7ae6a3161085f41226e384b5f4b3f177e9704
                                                                                                  • Instruction ID: 76303a8e2c5ce899101eb3f37ece551443364c85ecb96f9cc9501912e1837801
                                                                                                  • Opcode Fuzzy Hash: 54bfed08e9b2ec872ee244b720c7ae6a3161085f41226e384b5f4b3f177e9704
                                                                                                  • Instruction Fuzzy Hash: 1A71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 3b68c40252f8439a0ac1cba330778e6c919d0888cd6d2ee458fc0fd2297b895b
                                                                                                  • Instruction ID: 42fb1464c69c1395b4063d0f87e67acda02300847b7f4bb2e63d1ef5fbe94509
                                                                                                  • Opcode Fuzzy Hash: 3b68c40252f8439a0ac1cba330778e6c919d0888cd6d2ee458fc0fd2297b895b
                                                                                                  • Instruction Fuzzy Hash: 5771B363A1C60389FA12DB21E5503B9A350AF62785F540435DE0EC76D6FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 28f74113031bc570f414031a73484035dbeb340582dee5f5106d1820c8edd4b5
                                                                                                  • Instruction ID: 581b0e4529076dfbf16968b10c3d8a64f176d5ee10e11fffc8932153ae264247
                                                                                                  • Opcode Fuzzy Hash: 28f74113031bc570f414031a73484035dbeb340582dee5f5106d1820c8edd4b5
                                                                                                  • Instruction Fuzzy Hash: 7E71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76E5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 3ad73da1974930d5b8448b884e2bd2658d70eab794d8f785b333a27ffa93bc30
                                                                                                  • Instruction ID: 57c45b671548c719bd7728650f666cab972c679ece969e35610d716b7d0a4155
                                                                                                  • Opcode Fuzzy Hash: 3ad73da1974930d5b8448b884e2bd2658d70eab794d8f785b333a27ffa93bc30
                                                                                                  • Instruction Fuzzy Hash: E971B363A1C60389FA16DB21E5503B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 7e264b06bb0257337e145ec08484dbf3d5ec4ad0073b228488696bbf53a2ccb5
                                                                                                  • Instruction ID: 4ddfe12970208473d30a003df20a274b9255c24c17a62b9d9cfbfb1fed6a3717
                                                                                                  • Opcode Fuzzy Hash: 7e264b06bb0257337e145ec08484dbf3d5ec4ad0073b228488696bbf53a2ccb5
                                                                                                  • Instruction Fuzzy Hash: A571B363A1C60389FA16DB21E5503B9A350AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: bd7ff39905bae454b79139926dc57ebb65e97b3f5c5dfe419d8a3cf43a1e6962
                                                                                                  • Instruction ID: bf40d923fb1105bb2cbc886a558fd40782874fdfbb0ac6eb392da90b20fc6585
                                                                                                  • Opcode Fuzzy Hash: bd7ff39905bae454b79139926dc57ebb65e97b3f5c5dfe419d8a3cf43a1e6962
                                                                                                  • Instruction Fuzzy Hash: CE71B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 0d4e5f8891c346b8868e2dab4b07f8622b090d20be1f313082a35e038b15c444
                                                                                                  • Instruction ID: 938728e7dba16def0241564f786174f20cf1c864e3966cc7683ac6568c043479
                                                                                                  • Opcode Fuzzy Hash: 0d4e5f8891c346b8868e2dab4b07f8622b090d20be1f313082a35e038b15c444
                                                                                                  • Instruction Fuzzy Hash: 4371B363A1C60389FA12DB21E5543B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 3985d36879c8eb223d85ce17db186938de1109dc5bba8e13e840764f2e41ab2e
                                                                                                  • Instruction ID: ed37bb48a62d1a536068637477b4a40ceaabac32abcfaba3a071d6cb41bc9523
                                                                                                  • Opcode Fuzzy Hash: 3985d36879c8eb223d85ce17db186938de1109dc5bba8e13e840764f2e41ab2e
                                                                                                  • Instruction Fuzzy Hash: 1E71B363A1C60389FA12DB21E5543B9A350AF52785F540436DE0EC76E5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 3b8e3e58f9e3c3a6a5b54000f9a57ce84072238473d6e39fc6867ba2e3fa8dbf
                                                                                                  • Instruction ID: 581b0e4529076dfbf16968b10c3d8a64f176d5ee10e11fffc8932153ae264247
                                                                                                  • Opcode Fuzzy Hash: 3b8e3e58f9e3c3a6a5b54000f9a57ce84072238473d6e39fc6867ba2e3fa8dbf
                                                                                                  • Instruction Fuzzy Hash: 7E71B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76E5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 2c91bba07df7a0c27187b8664c7cb70f0f374ee06206f895f402d824f420733f
                                                                                                  • Instruction ID: 57c45b671548c719bd7728650f666cab972c679ece969e35610d716b7d0a4155
                                                                                                  • Opcode Fuzzy Hash: 2c91bba07df7a0c27187b8664c7cb70f0f374ee06206f895f402d824f420733f
                                                                                                  • Instruction Fuzzy Hash: E971B363A1C60389FA16DB21E5503B9A750AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: 2a0c6ec1d041b72ddddc039929d00c5ff13afa7fc61b98ae20f075b017674bae
                                                                                                  • Instruction ID: 8308ef73bdcd8d43b2907437be2ed1e1508aa8169fdb6285acf50ba031a1b23a
                                                                                                  • Opcode Fuzzy Hash: 2a0c6ec1d041b72ddddc039929d00c5ff13afa7fc61b98ae20f075b017674bae
                                                                                                  • Instruction Fuzzy Hash: F571B363A1C60389FA12DB21E5503B9A350AF52785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: c755be6ee580a372bc3425d80ecd5311d65515674cf6bffc2e124be0e5d3e19c
                                                                                                  • Instruction ID: 4ddfe12970208473d30a003df20a274b9255c24c17a62b9d9cfbfb1fed6a3717
                                                                                                  • Opcode Fuzzy Hash: c755be6ee580a372bc3425d80ecd5311d65515674cf6bffc2e124be0e5d3e19c
                                                                                                  • Instruction Fuzzy Hash: A571B363A1C60389FA16DB21E5503B9A350AF52785F540436DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmp$DefaultInfoLanguageLocaleUser_wassertstrlen
                                                                                                  • String ID: @echo off$Keyboard id '%s' is not supported - falling back to 'us'$Successfully wrote 'AUTOEXEC.BAT'$Unable to find an EGA file with codepage %d [%s]$Will use DOS keyboard '%s' [%s]$Will use codepage %d [%s]$\AUTOEXEC.BAT$dos_locale.c$echo Using %s keyboard with %s codepage [%d]$ega.cpi$ega.cpx$kbdrv >= 0$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 3461812164-2272696623
                                                                                                  • Opcode ID: e24ba807743f3513e0de4ac0fb77508ae7d7895017700bc878a0887e088869fd
                                                                                                  • Instruction ID: 7c0f23257938b0e8e706c75f955dacf3acf0936e5a1c6e57da0198f08ad767d4
                                                                                                  • Opcode Fuzzy Hash: e24ba807743f3513e0de4ac0fb77508ae7d7895017700bc878a0887e088869fd
                                                                                                  • Instruction Fuzzy Hash: 4771B363A1C60389FA12DB21E5503B9A750AF62785F540435DE0EC76D5FE3FE444830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Resource$Find$??3@ByteCharErrorLastMultiSizeofWide_calloc_dbg$CloseCreateFileHandleLoadLock
                                                                                                  • String ID: Could not write ICONDIRENTRY[%d] offset: %s.$Could not write ICONDIRENTRY[%d]: %s.$Could not write icon data #%d: %s.$Could not write icon header: %s.$Created: %s$Unable to create icon '%s': %s.$icon
                                                                                                  • API String ID: 2887069497-3370838488
                                                                                                  • Opcode ID: 7e29f0d67c2a597392b691385272aadad9b0423f967ef1f1af5c34bcdd250a4c
                                                                                                  • Instruction ID: 2f12fbf6bc3b27e6ce8688a6599e0d210c1a032d0385ae423fb42ecd6096f357
                                                                                                  • Opcode Fuzzy Hash: 7e29f0d67c2a597392b691385272aadad9b0423f967ef1f1af5c34bcdd250a4c
                                                                                                  • Instruction Fuzzy Hash: 6981E4A3A0C64685EB209B52E80037AE690BF96BD4F144535EF5DDB7D5FE3EE004830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Count64Tickrandsrand
                                                                                                  • String ID: %sReading and comparing$%sUsing offset %zu for fake device check$%sWeird value (%lld) in do_read$%sWriting test pattern 0x%02X$@$@$@$Bad Blocks: $Too many bad blocks, aborting test
                                                                                                  • API String ID: 1682302131-3416689196
                                                                                                  • Opcode ID: 23618e0b80ddde482f8df8fdd8df5a9631f525a98cb369fbfefc0173bf8f7ed1
                                                                                                  • Instruction ID: c10b1bc5f3b61163dcd2d45727b867ee01d89708f17a35f2c4467ba25316ab75
                                                                                                  • Opcode Fuzzy Hash: 23618e0b80ddde482f8df8fdd8df5a9631f525a98cb369fbfefc0173bf8f7ed1
                                                                                                  • Instruction Fuzzy Hash: 32B19C63B1865289FB12DB26E4403B9A3A1BB66790F444132DA1DC77E0FE7EE445D30B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked_snprintf$??3@ControlDeviceFile$CloseDebugHandleOutputPointerReadStringmemcmp
                                                                                                  • String ID: Could not get layout for drive 0x%02x: %s$Could not set drive layout: %s$ESP name: '%S'$ESP toggling data could not be stored$ESP toggling is only available for Windows 10 or later$No partition to toggle$S:\$ToggleEsp%02u
                                                                                                  • API String ID: 3868360781-3209890215
                                                                                                  • Opcode ID: c4eba6d61ad7200c83b917bc57440d5b674001b832e8244579917439429bad1a
                                                                                                  • Instruction ID: bbae9e258a6e6dd07644ba51946a6626071f5f70bb82296d2e84286ba5fdded1
                                                                                                  • Opcode Fuzzy Hash: c4eba6d61ad7200c83b917bc57440d5b674001b832e8244579917439429bad1a
                                                                                                  • Instruction Fuzzy Hash: 2402F733A0C68289FB218B25E6403BEA791FB95784F144135DF8D87B99EE7EE4448706
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked_snprintf$Count64ItemTick
                                                                                                  • String ID: %0.1f%%$%d:%02d:%02d$%s/s$---$-:--:--
                                                                                                  • API String ID: 2935744316-2345170430
                                                                                                  • Opcode ID: a4179df98a030a8bc1839e8165fd5dfccd0c5600797da8295776ace9725cc8a0
                                                                                                  • Instruction ID: d06fe109c3f4123c61fa2911a1082184b8b93bb04fff396cd55277eda8d1456d
                                                                                                  • Opcode Fuzzy Hash: a4179df98a030a8bc1839e8165fd5dfccd0c5600797da8295776ace9725cc8a0
                                                                                                  • Instruction Fuzzy Hash: B4E1F463F1DB4A85F7518B19A8007B5E292BF77794F249631C80ED3790FF3EA542824A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • WARNING: Found stale '%s [%d]' image mounted on '%s' - Attempting to unmount it..., xrefs: 00007FF6ED32774E
                                                                                                  • Unable to start mount-image thread, xrefs: 00007FF6ED3277CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonCheckedThread$ByteCharMultiWide$??3@Create$CodeDebugExitObjectOpenOutputPrioritySingleStringWait_calloc_dbg
                                                                                                  • String ID: Unable to start mount-image thread$WARNING: Found stale '%s [%d]' image mounted on '%s' - Attempting to unmount it...
                                                                                                  • API String ID: 1082516893-1449705827
                                                                                                  • Opcode ID: addbe85f4e6c5e3b9d914be0437f412e82100e6bf59135b874fcb0381d9778d3
                                                                                                  • Instruction ID: a1e816806933503698df0f2a46183cae3310655a44b722fe25f05e80b85b0581
                                                                                                  • Opcode Fuzzy Hash: addbe85f4e6c5e3b9d914be0437f412e82100e6bf59135b874fcb0381d9778d3
                                                                                                  • Instruction Fuzzy Hash: 9F51B173E09A4685E7208B25B8117BAE2A1BFA6794F244235DA4DC7794FF3ED400874A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpenstrlen$CreateQueryValue
                                                                                                  • String ID: Akeo Consulting\Rufus$SOFTWARE
                                                                                                  • API String ID: 3133987365-171322771
                                                                                                  • Opcode ID: 28a09bdf7f2598230fa4d312e69b6d38a7f1651852c4cd5a86b0db1fa8317974
                                                                                                  • Instruction ID: bbe4a7a6b1bff06459a0b58c3e398e2bef863da2332a9081a93a7f9419138cc2
                                                                                                  • Opcode Fuzzy Hash: 28a09bdf7f2598230fa4d312e69b6d38a7f1651852c4cd5a86b0db1fa8317974
                                                                                                  • Instruction Fuzzy Hash: 8E51C133A0874596EB60CB15F8407AAE291FB99788F544235EE8D83E98FF3DD501CB45
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@AdjustDebugErrorLastLookupOutputPrivilegePrivilegesStringTokenValueisspace
                                                                                                  • String ID: Could not %s '%S' privilege: %s$Could not lookup '%S' privilege: %s$Error assigning privileges: %s$disable$enable
                                                                                                  • API String ID: 2886955876-2029876165
                                                                                                  • Opcode ID: db1f6fb86619f6fcde4db89fc65530e2a1b15d29dc247f02473b290c45f4a837
                                                                                                  • Instruction ID: 7432c49c601a74b57459988c0eec288f85497f28440a81ec032f632e1f4cbb30
                                                                                                  • Opcode Fuzzy Hash: db1f6fb86619f6fcde4db89fc65530e2a1b15d29dc247f02473b290c45f4a837
                                                                                                  • Instruction Fuzzy Hash: D521A4A3F09A43D1E7109B61A8043FBE291AF66780F184135ED4DC7B85FE3ED548874A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugDriveLogicalOutputStringStringsisalphastrlentoupper
                                                                                                  • String ID: GetLogicalDriveStrings failed: %s$GetLogicalDriveStrings: Buffer too small (required %lu vs. %zu)
                                                                                                  • API String ID: 1944063171-1948686756
                                                                                                  • Opcode ID: 0b71be2e739fa7ba36202a2ac2b7f70784fabd338fde674c370671010fcdd55d
                                                                                                  • Instruction ID: cdfba5d8e17ace511c03f0b672be4469d98e99677d32889ab414c4de844dcc9a
                                                                                                  • Opcode Fuzzy Hash: 0b71be2e739fa7ba36202a2ac2b7f70784fabd338fde674c370671010fcdd55d
                                                                                                  • Instruction Fuzzy Hash: 5A11CE53F1C51749FA616B319A143B982824F67780F584032CE2DCB6C1FE2EA949831B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF6ED35675D
                                                                                                  • Unknown pseudo relocation protocol version %d., xrefs: 00007FF6ED356920
                                                                                                  • Unknown pseudo relocation bit size %d., xrefs: 00007FF6ED356914
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                                                                                  • API String ID: 0-1286557213
                                                                                                  • Opcode ID: f3657d661976ab74ccf1f48f98df40adf86fb9e369f1e5e684a3bf79badb1e2a
                                                                                                  • Instruction ID: 207555998473004d7f744d2b0259db4eb2b16ed0579b9665f45a009971fb1b8c
                                                                                                  • Opcode Fuzzy Hash: f3657d661976ab74ccf1f48f98df40adf86fb9e369f1e5e684a3bf79badb1e2a
                                                                                                  • Instruction Fuzzy Hash: BD91B277E0955386EA209B24D900379E261FF77B64F248231DD2D977D8FE3EE801860A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cc343435156ec6b63dd97ff3c47bfd632e81e957c7c642a1f7b813120482f358
                                                                                                  • Instruction ID: f1f0b82edc5ebd91f78094b65214bb829f15b68d35511964f8d6e70a24acc609
                                                                                                  • Opcode Fuzzy Hash: cc343435156ec6b63dd97ff3c47bfd632e81e957c7c642a1f7b813120482f358
                                                                                                  • Instruction Fuzzy Hash: C221FCB38041A147E296DA1AD8547BA73D1F796388FC68232EF45D3186DE3E584BC2C6
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED3FA000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7305c554d4875f57f1914fb618b29c2131153c0db91bb9576baecfeb3e6878a9
                                                                                                  • Instruction ID: 9fcc02370e82e68c77e4d5db9442bb05f43bcb7277b416f874e779bc37f998d1
                                                                                                  • Opcode Fuzzy Hash: 7305c554d4875f57f1914fb618b29c2131153c0db91bb9576baecfeb3e6878a9
                                                                                                  • Instruction Fuzzy Hash: C61118EBC4DAC91BF2524E2448662AC6F50EBB3A8075D40B6C299872D3FC2F6904C716
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonCheckedstrlen$??3@$CreateDebugDirectoryKeyboardLayoutNameOutputString_snprintfmemcmpstrncat
                                                                                                  • String ID: unexpected binary data$ unexpected file size$%X, %X$%s\%s\diskcopy.dll$'diskcopy.dll' was either not found or is invalid$.$?$COMMAND.COM$Could not set timestamps: %s$Could not write file '%s': %s.$FAT File %s would be out of bounds: %zX, %zX$IO.SYS$LOCALE\$Patching COMMAND.COM...$Patching IO.SYS...$Rufus$Successfully wrote '%s' (%zu bytes)$Unable to create file '%s': %s.$invalid path supplied for MS-DOS FAT extraction
                                                                                                  • API String ID: 1689280645-3509110999
                                                                                                  • Opcode ID: 6d476a8dfaef1345c7e0d79717b45fa533831d31947a979835018ad4de221714
                                                                                                  • Instruction ID: 5095fef24edc500eb22ba528664d3137de055dfcd7899c61ebbb587c2ba9ee67
                                                                                                  • Opcode Fuzzy Hash: 6d476a8dfaef1345c7e0d79717b45fa533831d31947a979835018ad4de221714
                                                                                                  • Instruction Fuzzy Hash: 82F1E263A1868289EB11DF25E4003EEA390EB96784F444132DE5DC7B99FF7EE105C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$strlen$CloseHandle_snprintf$Count64DebugErrorFileItemLastOutputStringTickTime_calloc_dbgisspacestrcmp
                                                                                                  • String ID: Could not replace file: %s$ Could not set timestamp: %s$ Error reading UDF file %s$ Error writing file: %s$ File name sanitized to '%s'$ NOTE: This is usually caused by a poorly designed security solution. See https://bit.ly/40qDtyF. This file will be skipped for now, but you should really look into using a *SMARTER* antivirus solution.$ Replaced with local version %s$ Unable to create file: %s$%s%s/%s$%s/syslinux-%s/%s$Error allocating file name$Rufus$autorun.inf
                                                                                                  • API String ID: 420817406-3481953354
                                                                                                  • Opcode ID: 1056d998e5d6e5d8613d29e13ed7eb7db6a0a5e053c21af0ee1f85cedc24b675
                                                                                                  • Instruction ID: f6baeb9ede0ab6c68c048c04fd4f8416309820bd804e603eb97ed2f9cc688104
                                                                                                  • Opcode Fuzzy Hash: 1056d998e5d6e5d8613d29e13ed7eb7db6a0a5e053c21af0ee1f85cedc24b675
                                                                                                  • Instruction Fuzzy Hash: 70E1A323E0D64348EA10EB21E9043BDA390AF96B94F584531EE5DD77D6FE3EE404870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$??3@$_waccessstrlenstrncat
                                                                                                  • String ID: 7-Zip$NONE$Software\7-Zip\Path$WIM apply method supported: %s$WIM extraction method(s) supported: %s%s%s$WIMApplyImage$WIMCloseHandle$WIMCreateFile$WIMExtractImagePath$WIMGetImageInformation$WIMLoadImage$WIMRegisterMessageCallback$WIMSetTemporaryPath$WIMUnregisterMessageCallback$Wimgapi$Windows\Boot\EFI\bootmgfw.efi$\7z.exe$wimgapi.dll
                                                                                                  • API String ID: 1482292118-2529235838
                                                                                                  • Opcode ID: ffaaa8bec56af51475a7b7cb955cf4267f0cc75bacc12b5e7ed4e14efc369b3a
                                                                                                  • Instruction ID: 0ba979e9f2ef3058a384171f6166162d4c0f975f609717c01912485242acb87a
                                                                                                  • Opcode Fuzzy Hash: ffaaa8bec56af51475a7b7cb955cf4267f0cc75bacc12b5e7ed4e14efc369b3a
                                                                                                  • Instruction Fuzzy Hash: C3A10DA6E0960B90FA54DB10E8553F4A3A1BF33794F940235D84DC76A1FF7EA548C28E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked_snprintf$Sleepstrchr$??3@DebugDefineDeviceOutputString_wassertisspace
                                                                                                  • String ID: %s%s$%s\bcdboot.exe %s\Windows /v /f %s /s %s$%s\bcdedit.exe /store %s\EFI\Microsoft\Boot\BCD /set {default} recoveryenabled no$ALL$BIOS$Could not format EFI System Partition$Could not mount ISO for Windows To Go installation$Disabling use of the Windows Recovery Environment using command:$Enabling boot using command:$Failed to apply Windows To Go image$Failed to enable boot$Mounted ISO as '%s'$Setting the target's internal drives offline using command:$Setting up EFI System Partition$UEFI$Windows To Go mode selected$dism /Image:%s\ /Apply-Unattend:%s$strchr(cmd, '%') == NULL$wue.c
                                                                                                  • API String ID: 2142259945-2104242538
                                                                                                  • Opcode ID: 8c3488f43c1badab8398c7dc660b16d28206809b25ac94c8d41392b768024077
                                                                                                  • Instruction ID: 3abe66171e7341e137f5d30ed9801e6026570d54c9237ba6b15822fa3d285862
                                                                                                  • Opcode Fuzzy Hash: 8c3488f43c1badab8398c7dc660b16d28206809b25ac94c8d41392b768024077
                                                                                                  • Instruction Fuzzy Hash: 96B18067E0868795FB109B12E8107B9A351AFA6788F880031DD4DC77A5FF3EE805C34A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memcmp
                                                                                                  • String ID: )$)$FAT $FAT12 $FAT16 $FAT32 $MSWIN4.0$MSWIN4.1$NTFS $filesystem type "????????" not supported$impossible cluster size on an FAT volume$impossible sector size$impossibly large number of clusters on an FAT volume$invalid media signature (not an FAT/NTFS volume?)$less than 4084 clusters but claims FAT16$less than 65525 clusters but claims FAT32$missing FAT32 signature$more than 4084 clusters but claims FAT12$negative number of data sectors on an FAT volume$unknown OEM name but claims NTFS$unsupported sectors size$zero FAT sectors$zero FAT sectors (FAT12/16)
                                                                                                  • API String ID: 1475443563-4075823600
                                                                                                  • Opcode ID: 5198105b9007de4f0d3377689e804ab935e14a49c2db98b6f64e03a05a3e1bb2
                                                                                                  • Instruction ID: 08fc8df99481d59415b8ccea81bec2ad66efb48401d3cabe38e64ecbc589684b
                                                                                                  • Opcode Fuzzy Hash: 5198105b9007de4f0d3377689e804ab935e14a49c2db98b6f64e03a05a3e1bb2
                                                                                                  • Instruction Fuzzy Hash: 32714253E0C25344FBA4CB12A40077992A19F32B85F885436D91CE76CAFF2FE54AD30A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Setup$ButtonChecked$ClassDevice$ChangeInfoInstallParamsState$??3@DebugDestroyDevsEnumInstanceListOutputSleepString_wassertstrcmpstrlen
                                                                                                  • String ID: $<NULL>$Could not cycle device (D1): %s$Could not cycle device (D2): %s$Could not cycle device (E1): %s$Could not cycle device (E2): %s$Could not find a device to cycle!$Could not get classes for device cycling: %s$dev.c$index < MAX_DRIVES
                                                                                                  • API String ID: 98966288-2759268175
                                                                                                  • Opcode ID: 009dcf4c51a5d8b54878a5e89396c54a6c505a0c1948fd4525a35cb3509d3a74
                                                                                                  • Instruction ID: 9ea252b972a096c55bb515c2583c3cdd341cc5508186c658ca1b102bce7d3522
                                                                                                  • Opcode Fuzzy Hash: 009dcf4c51a5d8b54878a5e89396c54a6c505a0c1948fd4525a35cb3509d3a74
                                                                                                  • Instruction Fuzzy Hash: 8E71D463B0864389FA118B22EA5437AA390AF56BC0F544135DE1ECB7D5FE3ED405870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$ButtonChecked$??3@$strncat$DebugFileMoveOutputString_access_snprintf
                                                                                                  • String ID: 7z.exe did not extract %s$ Could not launch 7z.exe: %s$ Could not rename %s to %s: %s$"%s" -y e "%s" %s%s$#\$Extracting: %s (From %s)$Opening: %s:[%d] (7-Zip)$Windows\Boot\EFI\bootmgfw.efi
                                                                                                  • API String ID: 2735052962-4022968062
                                                                                                  • Opcode ID: dba6d978383f306cc235706bdf0ec8ee53f4417de1e74ccff3ec6ee9614ba46a
                                                                                                  • Instruction ID: 8180beab5f3861dd4af7338127b4dcec4769814c0307167dc4c4f60258506f9e
                                                                                                  • Opcode Fuzzy Hash: dba6d978383f306cc235706bdf0ec8ee53f4417de1e74ccff3ec6ee9614ba46a
                                                                                                  • Instruction Fuzzy Hash: 4061B497F0D68344FA559B12B8143BAD291AFA7BC4F5C0031DD4DC7B96FE2EE805824A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$ErrorLast$??3@_strcmpi$ByteCharMultiWidestrlen
                                                                                                  • String ID: .vhd$.vhdx$<NULL>$AttachVirtualDisk$Could not mount image '%s': %s$Could not obtain physical path for mounted image '%s': %s$Could not open image '%s': %s$GetVirtualDiskPhysicalPath$OpenVirtualDisk$Unable to locate %s() in '%s.dll': %s$VirtDisk
                                                                                                  • API String ID: 1087351203-1752336597
                                                                                                  • Opcode ID: 5d63d36c1d0b9c6078f5350ecffa564c058e9411155bbe4420b2ebf56294503c
                                                                                                  • Instruction ID: 36475cd522193cda93cd8596287ba46154fb446cb6aa4900aa3d24a0fe15ff1c
                                                                                                  • Opcode Fuzzy Hash: 5d63d36c1d0b9c6078f5350ecffa564c058e9411155bbe4420b2ebf56294503c
                                                                                                  • Instruction Fuzzy Hash: 5C81A267E0DA4784FA109B95B8003B9E390AF67798F540131C94DCBBA5FF7EE508874A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _calloc_dbg$??3@strlen$strcmp$_wassert
                                                                                                  • String ID: Bad directory information for %s$Couldn't calloc(1, %d)$_root->type == _STAT_DIR$can't allocate %lu bytes$iso9660_fs.c$offset == (blocks * ISO_BLOCKSIZE)$p_stat != ((void *)0)$p_stat->rr.psz_symlink != ((void *)0)
                                                                                                  • API String ID: 3521467936-2230183723
                                                                                                  • Opcode ID: 185eb3878ba8b32ee18d31f3a2c27df06dc4505d04fab512fb3aa254d369affd
                                                                                                  • Instruction ID: 65620552697453cba062ccbbc446419afd2861701c7d45410e2ec721ee2112e8
                                                                                                  • Opcode Fuzzy Hash: 185eb3878ba8b32ee18d31f3a2c27df06dc4505d04fab512fb3aa254d369affd
                                                                                                  • Instruction Fuzzy Hash: 5A61A417B0854345FA54AB12A4503BAA292AF77BC4F884535DD0DCBBC6FE2FE445830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Volume$MountPoint$ErrorLast$Namestrcmp$DefineDeleteDevice_strnicmptoupper
                                                                                                  • String ID: %s is already mounted, but volume GUID could not be checked: %s$%s is mounted, but volume GUID doesn't match: expected %s, got %s$%s was remounted as %c: (second time lucky!)$%s was successfully mounted as %c:$?:$Could not mount %s as %c:$Retrying after dismount...$Warning: Could not delete volume mountpoint '%s': %s
                                                                                                  • API String ID: 3497335266-1119813344
                                                                                                  • Opcode ID: 55abe8eab01530325e17b4b4afe272a6af9bbe3e9549e2bf161b4c93fd8c1bb9
                                                                                                  • Instruction ID: 75e16f76c14c5ee6d7501e4dab9a98efa6fbaf0222530b933ce8fe771624ec84
                                                                                                  • Opcode Fuzzy Hash: 55abe8eab01530325e17b4b4afe272a6af9bbe3e9549e2bf161b4c93fd8c1bb9
                                                                                                  • Instruction Fuzzy Hash: D1416B57F1854398FE119B32AA043BA96555F67BC0F480432DE0ECB795FD2EE505831B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugErrorLastOutputString_wassertwnsprintf
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$Could not access the requested Disk interface: %s$Could not create VDS Loader Instance: %s$Could not get VDS Provider: %s$Could not get VDS Software Provider Packs: %s$Could not get VDS Software Provider: %s$Could not load VDS Service: %s$Could not query VDS Disk Interface: %s$Could not query VDS Disk Properties: %s$Could not query VDS Service Providers: %s$Could not query VDS Software Provider Pack: %s$Could not query VDS disks: %s$VDS Service is not ready: %s$\\?\PhysicalDrive%lu$drive.c
                                                                                                  • API String ID: 2018657444-3038476110
                                                                                                  • Opcode ID: 5e81bc52902d714293994e6f6a0ac46213eab43ea67628db7fa725d409a82682
                                                                                                  • Instruction ID: bd1f1d6b5fe6a98b8edb64a47f2807c298610792091c281d488474bcd9900d36
                                                                                                  • Opcode Fuzzy Hash: 5e81bc52902d714293994e6f6a0ac46213eab43ea67628db7fa725d409a82682
                                                                                                  • Instruction Fuzzy Hash: 0FE13937B08A4686EF61DB25D5903AE63A1EB99B84F504435CF4E877A4EF3ED408C306
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  • Associated: 0000000B.00000002.68344637288.00007FF6ED2E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3DF000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3E7000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F5000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FE000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B4000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED6B0000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68346458769.00007FF6ED6B4000.00000004.00000001.01000000.00000006.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: 00007??3@DeviceEnumErrorF931InterfacesLastSetupstrlenstrstr
                                                                                                  • String ID: $ Matched with ID[%03d]: %s$Could not get children of '%s'$Could not locate device node for '%s'$Found VHD device '%s'$Found card reader device '%s'$NOTE: Matched instance from sibling for '%s'$SCSI Dis$SetupDiEnumDeviceInterfaces failed: %s$UAS Devi$ice$ice$k Device
                                                                                                  • API String ID: 1167082051-600936590
                                                                                                  • Opcode ID: 8e997ecb6ffb1d43c83dcb32d19bdf7ca51b58dc53ddd8371c1d0fbbf9809edb
                                                                                                  • Instruction ID: 6865d002987147c636d30a143ae610c1776fffe53c4a932828088ba12ae41dd5
                                                                                                  • Opcode Fuzzy Hash: 8e997ecb6ffb1d43c83dcb32d19bdf7ca51b58dc53ddd8371c1d0fbbf9809edb
                                                                                                  • Instruction Fuzzy Hash: B1716173A0C68699E772CB25E5443BAA3A1EB91782F844035DE4DC7698FF3DE444C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$ButtonChecked$CloseCreateHandlestrncat$??3@DebugDirectoryFileOutputString
                                                                                                  • String ID: Could not write file '%s': %s.$LOCALE\$Successfully wrote '%s' (%d bytes)$Unable to create file '%s': %s.$invalid path supplied for FreeDOS extraction
                                                                                                  • API String ID: 2244612145-1534342996
                                                                                                  • Opcode ID: a4aaa510bcca076eac33bf07c1bee0e3a7b5bfdce570e5922af2c02414eb47ff
                                                                                                  • Instruction ID: 58d244bcf3818fc2c817858169659b826f43e8f8026a36904f6a6a95e8d77436
                                                                                                  • Opcode Fuzzy Hash: a4aaa510bcca076eac33bf07c1bee0e3a7b5bfdce570e5922af2c02414eb47ff
                                                                                                  • Instruction Fuzzy Hash: B071F563B0868685EB10DB22F4003AEA761FB967C0F444132EE4D87B99EF7EE545C705
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega12$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-1312814310
                                                                                                  • Opcode ID: 9c782066558ef85f9c8a5a4326b96fb5b68c985cfb17e98e7c7e40fdf15f8c2f
                                                                                                  • Instruction ID: fe1f6345426e1200af53443690014c4e0ede29f99fe8a9778444720170e3ffc7
                                                                                                  • Opcode Fuzzy Hash: 9c782066558ef85f9c8a5a4326b96fb5b68c985cfb17e98e7c7e40fdf15f8c2f
                                                                                                  • Instruction Fuzzy Hash: 8631D253B0960285FA01EB25F8513BD96A1AF967C4F940435DE0ECB796FE3FE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega15.cpx$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-1699836411
                                                                                                  • Opcode ID: d0d40668e74d84701c8bee4b5f9a69be7b6a231cf020fa63bb3afb08060bb8a0
                                                                                                  • Instruction ID: b302e07105465865e7827b112c328b79670d27b12edb9cd530c7ad2074c8f62e
                                                                                                  • Opcode Fuzzy Hash: d0d40668e74d84701c8bee4b5f9a69be7b6a231cf020fa63bb3afb08060bb8a0
                                                                                                  • Instruction Fuzzy Hash: 0531D353B0D60285FA01EB25F8513BD96A1AF967C4F940435DE0ECB796FE3EE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega.cpx$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-2175901530
                                                                                                  • Opcode ID: a178bc64c1a8312474e26dee50b158b77463b8095b94b2419836aca9d301cb58
                                                                                                  • Instruction ID: adb16d3fe930663cd11fd556413e39a3bcb88d46d621a99512cd36a9d8cf06f3
                                                                                                  • Opcode Fuzzy Hash: a178bc64c1a8312474e26dee50b158b77463b8095b94b2419836aca9d301cb58
                                                                                                  • Instruction Fuzzy Hash: B931D353B0960285FA01EB25F8513FD92A1AF967C4F940435DE0ECB796FE3EE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega9.cpx$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-3568477321
                                                                                                  • Opcode ID: 38a76b858dc0f9194bd2aa31fa9ed5500feeac70cf19cddb0935b47289cd895e
                                                                                                  • Instruction ID: 1b41e2554bd1b806f5a6ec8e62d6bfca09f35273973d7d06954a5a41d278e277
                                                                                                  • Opcode Fuzzy Hash: 38a76b858dc0f9194bd2aa31fa9ed5500feeac70cf19cddb0935b47289cd895e
                                                                                                  • Instruction Fuzzy Hash: BC31D253B0D60285FA01EB25F8513BD92A1AF967C4F940435DE0ECB796FE3EE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  • Associated: 0000000B.00000002.68344637288.00007FF6ED2E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3DF000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3E7000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F5000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FE000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B4000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED6B0000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68346458769.00007FF6ED6B4000.00000004.00000001.01000000.00000006.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega8.cpx$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-3124674504
                                                                                                  • Opcode ID: 66599ae607d01473d3ff58430cec9abcbc3ddf7dfcc309c344344c498eadb2cc
                                                                                                  • Instruction ID: 4178f42e14d010a6f68131d6a1da28c588cd5b19ec7ba41faf1bd3e52dd1af2a
                                                                                                  • Opcode Fuzzy Hash: 66599ae607d01473d3ff58430cec9abcbc3ddf7dfcc309c344344c498eadb2cc
                                                                                                  • Instruction Fuzzy Hash: E431D253B0D60285FA01EB25F8513BD92A1AF967C4F940435DE0ECB796FE3EE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega3.cpx$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-3408413825
                                                                                                  • Opcode ID: b6c931a550dfef7ce168c8c7ba5fce96d57f31db3a1e77dbf1e6082f36822bd9
                                                                                                  • Instruction ID: d690d06191a79ea50ee96144656ab0cf4e29f76439dc614ef2d1a6005e079a92
                                                                                                  • Opcode Fuzzy Hash: b6c931a550dfef7ce168c8c7ba5fce96d57f31db3a1e77dbf1e6082f36822bd9
                                                                                                  • Instruction Fuzzy Hash: CF31D353B0960285FA01EB25F8513BD92A1AF967C4F940435DE0ECB796FE3EE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$fputs$fclosefopenfprintfstrcmpstrncat
                                                                                                  • String ID: @echo off$Successfully wrote 'AUTOEXEC.BAT'$Will use codepage %d [%s]$\AUTOEXEC.BAT$echo Using %s keyboard with %s codepage [%d]$ega14.cpx$set PATH=.;\;\LOCALE
                                                                                                  • API String ID: 2798684770-199060154
                                                                                                  • Opcode ID: d8874b6b2b1a5809bd8e19ecb98cb188693148b705faa4ea02d0dcf95a615c5d
                                                                                                  • Instruction ID: 2230e92095bf771a1f2da8b6b99eb8056140f7442d133f4e2c0c237dcfd59ec0
                                                                                                  • Opcode Fuzzy Hash: d8874b6b2b1a5809bd8e19ecb98cb188693148b705faa4ea02d0dcf95a615c5d
                                                                                                  • Instruction Fuzzy Hash: 4531D253B0960285FA01EB25F8513BD92A1AF967C4F940435DE0ECB796FE3EE844830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLaststrlen$File$??3@strstr$BuffersCloseCreateFlushHandleWrite_calloc_dbg_snprintf
                                                                                                  • String ID: (%s) %s$Could not allocate buffer for download$Could not download complete file - read: %lld bytes, expected: %lld bytes$Error writing file '%s': %s$Error writing file '%s': Only %d/%d bytes written$No buffer pointer provided for download$Successfully downloaded '%s'$Unable to create file '%s': %s
                                                                                                  • API String ID: 2675024107-1076146802
                                                                                                  • Opcode ID: 91b59cbf66dba111028b056228a58e6ee0ca5045ab8c3d4e82f0c34dc1a6941e
                                                                                                  • Instruction ID: 04c00421b93318cba41ac764ddac4b7e1c60118fcc85c794a2b097cd89592854
                                                                                                  • Opcode Fuzzy Hash: 91b59cbf66dba111028b056228a58e6ee0ca5045ab8c3d4e82f0c34dc1a6941e
                                                                                                  • Instruction Fuzzy Hash: 0981D323B0964286E6209B16E51037AA390FF96B90F640631DE5DD7BD5FF3EE409870E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$??3@AddressCodeControlCurrentDeviceExitMutexProcRelease_snprintf_wassert
                                                                                                  • String ID: NtClose$NtDll$Process search thread is not started!$Timeout while retrieving conflicting process list$Unable to locate %s() in '%s.dll': %s$WARNING: The following application(s) or service(s) are accessing the drive:$You should close these applications before retrying the operation.$blocking_process.hLock != NULL$process.c
                                                                                                  • API String ID: 2583728277-2568210052
                                                                                                  • Opcode ID: a9f69d55b1a6573e4b1bc27415d4dd5dd655b34c7b56f15c0123b2fc522e2f56
                                                                                                  • Instruction ID: f42a8865aac7fc4aa3eeb398d26b78d3872c609eb48a3508565539dd645b1bea
                                                                                                  • Opcode Fuzzy Hash: a9f69d55b1a6573e4b1bc27415d4dd5dd655b34c7b56f15c0123b2fc522e2f56
                                                                                                  • Instruction Fuzzy Hash: 86719B67A0CA4791EA90CB51E8503BAA360AFA67C4F540031DD4EC37A5FE7EE945C30A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$DeviceQuery_mbsdup_snprintf_wassertstrncat
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$Could not find a DOS volume name for '%s': %s$Error: Could not find a partition at offset %lld on this disk$Error: Searching for a partition on a non matching disk$Harddisk%luPartition%lu$NO_LABEL$drive.c
                                                                                                  • API String ID: 1443924321-611631350
                                                                                                  • Opcode ID: ced8aedaa3729adb79b587d0738507530c5fbdd81f0c83be6b891f86f805f3bb
                                                                                                  • Instruction ID: 3cf9ad283b1b7264a5722dc898b275378c0b6886e66d0fde565bfeba6381ec5f
                                                                                                  • Opcode Fuzzy Hash: ced8aedaa3729adb79b587d0738507530c5fbdd81f0c83be6b891f86f805f3bb
                                                                                                  • Instruction Fuzzy Hash: C441F363B0C14795FF559B21E9003BA9250AF66784F844432DE1DCBA95FF7FA909830B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$Count64Tick$??3@CloseControlCreateDebugDeviceFileHandleOutputString_wassertisspace
                                                                                                  • String ID: Failed to cycle port: %s$?$Could not open %s: %s$Cycling port %d (reset) on %s$Please wait for the device to re-appear...$The device you are trying to reset does not appear to be a USB device...$You must wait at least 10 seconds before trying to reset a device$dev.c$index < MAX_DRIVES
                                                                                                  • API String ID: 1942857200-2484221902
                                                                                                  • Opcode ID: 96b366ab8f48e003bd59a67291f7669214c15b0f58c3cac13e25ad9292da150c
                                                                                                  • Instruction ID: ceef5e6731cb4c4e931d081fb596a3fb52a8d7497ac9888ada6d5253f8c82d71
                                                                                                  • Opcode Fuzzy Hash: 96b366ab8f48e003bd59a67291f7669214c15b0f58c3cac13e25ad9292da150c
                                                                                                  • Instruction Fuzzy Hash: 59419173A0860285EB10DB61F9403ADA3A0EF66B94F544236DE6DC7795FF3ED005870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _close_errno_fputcharprintf$??3@
                                                                                                  • String ID: Error: Could not open '%s' (errno: %d)$Error: The library has not been initialized$Error: This compression format is not supported for directory extraction
                                                                                                  • API String ID: 526922384-442647022
                                                                                                  • Opcode ID: f2ee0ea2d26b9f4fd770c4a772a8fdf7c06ff439212cc5422c81ed25b24c1f42
                                                                                                  • Instruction ID: 83f280836101263f5aa039bbf28760ff091dd1140c4a4c70e8c84d619f72b8d5
                                                                                                  • Opcode Fuzzy Hash: f2ee0ea2d26b9f4fd770c4a772a8fdf7c06ff439212cc5422c81ed25b24c1f42
                                                                                                  • Instruction Fuzzy Hash: B5418E23F08A1685F7649B20A8003BCA260AF62768F544235D96DC7AD5FE3FE409874B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SetLastError.KERNEL32 ref: 00007FF6ED2E8F98
                                                                                                    • Part of subcall function 00007FF6ED318339: OutputDebugStringW.KERNEL32 ref: 00007FF6ED3183A2
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183D4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183E4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183F4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED318404
                                                                                                    • Part of subcall function 00007FF6ED318339: ??3@YAXPEAX@Z.MSVCRT ref: 00007FF6ED318424
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugErrorLastOutputString
                                                                                                  • String ID: VOL GUID: '%S'$Could not create VDS Loader Instance: %s$Could not get VDS Provider: %s$Could not get VDS Software Provider Packs: %s$Could not get VDS Software Provider: %s$Could not load VDS Service: %s$Could not query VDS Service Providers: %s$Could not query VDS Software Provider Pack: %s$Could not query VDS Volume Interface: %s$Could not query VDS Volume Properties: %s$Could not query VDS VolumeMF3 GUID PathNames: %s$Could not query VDS VolumeMF3 Interface: %s$Could not query VDS volumes: %s$FOUND VOLUME: '%S'$VDS Service is not ready: %s
                                                                                                  • API String ID: 3904870292-2054541878
                                                                                                  • Opcode ID: 2be9b8b5f736c6a44b583f880bb547a77bc38ff6dbc44655e8714e26e3b4b9ad
                                                                                                  • Instruction ID: 78cab560214ac636809dff47b9cdf73d3c05f8dfb27225c9c1cf515bd7275167
                                                                                                  • Opcode Fuzzy Hash: 2be9b8b5f736c6a44b583f880bb547a77bc38ff6dbc44655e8714e26e3b4b9ad
                                                                                                  • Instruction Fuzzy Hash: 70E14E67708A4685EB21DB75D55036DA3A1EBD8B84F504436DF8EC77A4EE3ED808C306
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$_snprintf_strnicmpstrncat
                                                                                                  • String ID: %+d$@$Device score: $HDD$UFD
                                                                                                  • API String ID: 3189120363-316068202
                                                                                                  • Opcode ID: ef65ab105277897f8184cb434962bfc78330dfe5d81b5c058cc80cf30200f6b3
                                                                                                  • Instruction ID: 3d05064dc9b5bcb992aa7ad16f704306eadfe821499dbdd232d7b1dbd2b44584
                                                                                                  • Opcode Fuzzy Hash: ef65ab105277897f8184cb434962bfc78330dfe5d81b5c058cc80cf30200f6b3
                                                                                                  • Instruction Fuzzy Hash: A9711613A0D68286EB608B65E84037EA7A1FB667C0F440631DD4E87B95FF7ED54AC306
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@_calloc_dbg$strcmpstrncpy
                                                                                                  • String ID: $%d %d %d, '%c%c' (%d, %d)$Couldn't calloc(1, %d)$Non consecutive multiextent file parts for '%s'$Non-contiguous data extents with '%s'$XA signature not found in ISO9660's system use area; ignoring XA attributes for this file entry.
                                                                                                  • API String ID: 4139757052-3437042569
                                                                                                  • Opcode ID: 357345c7db4ff1db02a328a822bd9ce16f6d5d2358fdc24d3ea66bbdca470a40
                                                                                                  • Instruction ID: 8a772cec6f14abd6e9b945b481ff67b1904570f48b13cc79c908bd2e79914030
                                                                                                  • Opcode Fuzzy Hash: 357345c7db4ff1db02a328a822bd9ce16f6d5d2358fdc24d3ea66bbdca470a40
                                                                                                  • Instruction Fuzzy Hash: 22A1D563A0C68245EB708F25D4107BDA791EB66788F484435EE8E87789FE7FE444C706
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _snprintf$CloseEnumInfoOpenQuery
                                                                                                  • String ID: ($SOFTWARE\Microsoft\WIMMount\Mounted Images$SOFTWARE\Microsoft\WIMMount\Mounted Images\%s\Image Index$SOFTWARE\Microsoft\WIMMount\Mounted Images\%s\Mount Path$SOFTWARE\Microsoft\WIMMount\Mounted Images\%s\WIM Path
                                                                                                  • API String ID: 939282104-304465030
                                                                                                  • Opcode ID: bdae4b37842d67bde5f7b8b8a55033bf8cc5dc14092c01f15ddd9aa2f42b77c2
                                                                                                  • Instruction ID: eb038ab7fed714436a13ffd276871e79d6b91b59a719307f3ac02529e9ab7e7d
                                                                                                  • Opcode Fuzzy Hash: bdae4b37842d67bde5f7b8b8a55033bf8cc5dc14092c01f15ddd9aa2f42b77c2
                                                                                                  • Instruction Fuzzy Hash: 676162B3A0868185E7608B15F8447EAF790FB95794F500236DE8D83BA8EF3DD144CB49
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast_wassertwnsprintf
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$Could not clean up VDS mountpoints: %s$Could not create VDS Loader Instance: %s$Could not load VDS Service: %s$Could not query VDS Service Providers: %s$Could not refresh VDS layout: %s$VDS Service is not ready: %s$\\?\PhysicalDrive%lu$drive.c
                                                                                                  • API String ID: 4245397174-1834460001
                                                                                                  • Opcode ID: 9826f74f774d37097a3a89b838db8dfa9184461372cdadbe4be283c9291e466a
                                                                                                  • Instruction ID: 7613a80f889bf188510a0733c77549466158c0ee8bd49f38b65229ce21e5441c
                                                                                                  • Opcode Fuzzy Hash: 9826f74f774d37097a3a89b838db8dfa9184461372cdadbe4be283c9291e466a
                                                                                                  • Instruction Fuzzy Hash: 3E515E36B09B4686EB119B75D45037AA3A1ABD9B84F404435DF4ECBB90FE3ED404870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno$_open_osfhandle$_fputcharprintf
                                                                                                  • String ID: Error: Could not get source descriptor (errno: %d)$Error: Could not get target descriptor (errno: %d)$Error: The library has not been initialized$Error: Unsupported compression format
                                                                                                  • API String ID: 534484639-358100754
                                                                                                  • Opcode ID: 659a8093d40a816437c788a078e73d574c781d6035fded0696ad26e1926aaf0a
                                                                                                  • Instruction ID: be666d521f7de29df132cb62713d2cfbd7be8829fda8ee9097e59b339b489deb
                                                                                                  • Opcode Fuzzy Hash: 659a8093d40a816437c788a078e73d574c781d6035fded0696ad26e1926aaf0a
                                                                                                  • Instruction Fuzzy Hash: EC314F63F0854785FB109B20E8407B8A364EF76758F540231C91DCBAE5FE3EE045974A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$AddressProc$LibraryLoad
                                                                                                  • String ID: GetDiskFreeSpace() not found in KERNEL32.DLL!$GetDiskFreeSpaceA$GetVolumePathName() not found in KERNEL32.DLL!$GetVolumePathNameA$KERNEL32.DLL not found!$kernel32.dll
                                                                                                  • API String ID: 2386773288-3042459999
                                                                                                  • Opcode ID: d3745a4057dbc535a27e5e4fdf07bd7f1793d36f473ee657ee425f58b15cf67a
                                                                                                  • Instruction ID: 09e6cacde77a9dfefd8af918160066d4001a1516483d46f8dffca3203b348f7b
                                                                                                  • Opcode Fuzzy Hash: d3745a4057dbc535a27e5e4fdf07bd7f1793d36f473ee657ee425f58b15cf67a
                                                                                                  • Instruction Fuzzy Hash: 3F116A67A09A0681FB54CF24E8443B8B7A0EF66794F548032C80C97698FF3FE942C349
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$DebugOutputString_calloc_dbg_malloc_dbgstrcmp
                                                                                                  • String ID: Detected EFI bootloader(s) (from '%s'):$BOOT $Could not get ISO-9660 file information for file %s$Could not open image '%s' as an ISO-9660 file system$EFI $Error reading ISO-9660 file %s at LSN %lu$FAT access error
                                                                                                  • API String ID: 1482545383-2595121241
                                                                                                  • Opcode ID: 27c6eb8d63a47f0365d470b97253e51e744ea00599083408316ded1ad4076ae6
                                                                                                  • Instruction ID: e5b083e7fb60c25b79babd2745eaa7d38bb1843847c7a2f611be17d3c32fbc59
                                                                                                  • Opcode Fuzzy Hash: 27c6eb8d63a47f0365d470b97253e51e744ea00599083408316ded1ad4076ae6
                                                                                                  • Instruction Fuzzy Hash: 29710623A1C65785EA20DB21E4403BAA3A0EF96744F544536EE4DC7799FE3FE405C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _realloc_dbgfflushfprintfmemcpy
                                                                                                  • String ID: %s%lu$%sError %d adding to in-memory bad block list$Bad Blocks: $Block %lu: %s error$corruption$read$write
                                                                                                  • API String ID: 3971101709-1495116288
                                                                                                  • Opcode ID: 07718ef1942ceb62ab44840abb87c83af94018ae20f6a403d097561168ed9fa6
                                                                                                  • Instruction ID: e36ab9eaff3be065c9ed13c2439983b1a47c4a0bcd281e0c17ce0d117dd00f9d
                                                                                                  • Opcode Fuzzy Hash: 07718ef1942ceb62ab44840abb87c83af94018ae20f6a403d097561168ed9fa6
                                                                                                  • Instruction Fuzzy Hash: 9C51C173B1952289EB168B25D6403B962A1BB25F84F488436CE0EC76C4FF3EE404D30B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  • Associated: 0000000B.00000002.68344637288.00007FF6ED2E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3DF000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3E7000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3EA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3F5000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FA000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED3FE000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED40A000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B2000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5B4000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED5DD000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68344712855.00007FF6ED6B0000.00000040.00000001.01000000.00000006.sdmp
                                                                                                  • Associated: 0000000B.00000002.68346458769.00007FF6ED6B4000.00000004.00000001.01000000.00000006.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpenstrlen$CreateQueryValue
                                                                                                  • String ID: Akeo Consulting\Rufus$SOFTWARE$\
                                                                                                  • API String ID: 3133987365-3445580060
                                                                                                  • Opcode ID: 6dfa461abfbe4cf0c573c0d320de729b9aa759ba9ddf406a62ad4a2e621d0665
                                                                                                  • Instruction ID: c3665376c77555c5940eff5e275a821afdbdf5ef19ef900a3ad0e4c7c683eafc
                                                                                                  • Opcode Fuzzy Hash: 6dfa461abfbe4cf0c573c0d320de729b9aa759ba9ddf406a62ad4a2e621d0665
                                                                                                  • Instruction Fuzzy Hash: A541CF33718B858AEB11CB25F8107AAB2A1FB88784F544135EE9D83B98EF3DD101CB05
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@ByteCharMultiWide$_calloc_dbg_malloc_dbg_wassertstrcmp
                                                                                                  • String ID: UCS-2BE$le_src != ((void *)0)$utf8.c
                                                                                                  • API String ID: 442007427-1091201221
                                                                                                  • Opcode ID: 09ad8cac8a695b849ad79013405d066b51e44181933e111fa3f0eb52cc0f6f1b
                                                                                                  • Instruction ID: d6fbae067b828fe4edae2743c57ea5ab6383c1162d4950f311d4751a3701362d
                                                                                                  • Opcode Fuzzy Hash: 09ad8cac8a695b849ad79013405d066b51e44181933e111fa3f0eb52cc0f6f1b
                                                                                                  • Instruction Fuzzy Hash: 31414723A0974245EB659F25B8407B9A691AF667A4F485334DE5DC77C1FF7EE000C20A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$??3@ByteCharMultiWidewcslen
                                                                                                  • String ID: $0$@$NtDelayExecution$NtOpenFile$Ntdll$Unable to locate %s() in '%s.dll': %s
                                                                                                  • API String ID: 4160361738-1857838082
                                                                                                  • Opcode ID: 02516a48f2d45d638426c34bc53abf7b557d9a707916b9c9a7a5f865916ca954
                                                                                                  • Instruction ID: 2de97da2a2eb24bc5ffd30c1f26656785e83bb930da98fefbc01cbd289476fe6
                                                                                                  • Opcode Fuzzy Hash: 02516a48f2d45d638426c34bc53abf7b557d9a707916b9c9a7a5f865916ca954
                                                                                                  • Instruction Fuzzy Hash: C041C373908B4685E720DF51F8043A6B6A0FBA6798F540134EE8D877A5EF3EE149C709
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@_snprintf_wstat64
                                                                                                  • String ID: Error writing file: %s$%s\EFI\Microsoft\Boot\SKUSiPolicy.p7b$%s\SecureBootUpdates\SKUSiPolicy.p7b$Copying: %s (%s) (from %s)
                                                                                                  • API String ID: 2773587724-2490069341
                                                                                                  • Opcode ID: 66c183e2e321af6f477847779fe9c9115fc0a9e34351ad9322891df894e1462a
                                                                                                  • Instruction ID: bbeef38a00fa458ba8252c6ed1b0d3d273431586bd45bb0d77b5aa152b66ea51
                                                                                                  • Opcode Fuzzy Hash: 66c183e2e321af6f477847779fe9c9115fc0a9e34351ad9322891df894e1462a
                                                                                                  • Instruction Fuzzy Hash: D831B357E0C68745FA519B56AC003B6E392AF62B88F484032DD0D8B795FE7EE445C24E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _mbsdup$??3@_calloc_dbg_wassertstrtok
                                                                                                  • String ID: _str != ((void *)0)$str != ((void *)0)$strv != ((void *)0)$util.c
                                                                                                  • API String ID: 2676021263-2304516504
                                                                                                  • Opcode ID: 84d24ea8374fb4072c1fa3c8717f01c7e1debe9ebcb2c9288621fd06ed43baaf
                                                                                                  • Instruction ID: 908acd08a29e8f2aaa4ee932142e3183b17399b1e1e6799c890134a1af556d4e
                                                                                                  • Opcode Fuzzy Hash: 84d24ea8374fb4072c1fa3c8717f01c7e1debe9ebcb2c9288621fd06ed43baaf
                                                                                                  • Instruction Fuzzy Hash: 7F21F523B1E50790FE259B15A81037AD2506F77784F484934DD0ECB695FE6EF905C34A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmpstrlen$??3@_malloc_dbg
                                                                                                  • String ID: <NULL>$could not duplicate string for hash table$hash table is full (%d entries)
                                                                                                  • API String ID: 2250639221-3392006599
                                                                                                  • Opcode ID: 0fc0f29130e9beb553b2ee805d23c2d9bc41f3c31f95e731ca006204f376758b
                                                                                                  • Instruction ID: 6e93c6d21281c72ef799cdcd9a8ef24912cec43b487388a9f220e144e52e64b3
                                                                                                  • Opcode Fuzzy Hash: 0fc0f29130e9beb553b2ee805d23c2d9bc41f3c31f95e731ca006204f376758b
                                                                                                  • Instruction Fuzzy Hash: 0841C323F0965385EA54EB15984437AE6A6BFA6784F48C135DD0DC7781FE3EE8098305
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileLast$??3@CloseCreateHandleRead
                                                                                                  • String ID: Read error: %s$Could not open file: %s$Rufus\grub4dos-0.4.6a\grldr
                                                                                                  • API String ID: 1269725737-1546548195
                                                                                                  • Opcode ID: 957e819686cdaefe403837f3b74b930c3fe17185b1be3b933d70f797c1ee76b6
                                                                                                  • Instruction ID: 0a8534e284e69862654995dcef68405140551a63527ad2f01a828c167bdd4202
                                                                                                  • Opcode Fuzzy Hash: 957e819686cdaefe403837f3b74b930c3fe17185b1be3b933d70f797c1ee76b6
                                                                                                  • Instruction Fuzzy Hash: B641F523B095424AFA149B21A9147B9A751BB56BB4F144330DE2E87BC4EF3ED505830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlenstrncat$_snprintf
                                                                                                  • String ID: 'UEFI-CSM' means that the device will only boot in BIOS emulation mode (also known as 'Legacy Mode') under UEFI, and not in native UEFI mode.$MSG_%03u UNTRANSLATED$\ltrch$lch
                                                                                                  • API String ID: 3293242662-2911598336
                                                                                                  • Opcode ID: 0835f0d03f0ed8c8803542fe4d8b1c4aecb6efbada5e49d84a594435e88d11b4
                                                                                                  • Instruction ID: 18c888d6a75b24afe9983d15b9f2271a2bfd1018583d2556ef2e302a66c68026
                                                                                                  • Opcode Fuzzy Hash: 0835f0d03f0ed8c8803542fe4d8b1c4aecb6efbada5e49d84a594435e88d11b4
                                                                                                  • Instruction Fuzzy Hash: C741E267A1874286FB118B14F8003B8A751EF96780F584036DA0EC77A0FE7EE501CB0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@ByteCharMultiWide$DebugHandleLibraryLoadModuleOutputString_calloc_dbgisspace
                                                                                                  • String ID: Error: MAX_LIBRARY_HANDLES is too small$NtOpenFile$Unable to load '%S.dll': %s
                                                                                                  • API String ID: 3199631866-1880273833
                                                                                                  • Opcode ID: 979b3a0f0afb1039494b077555864372c70d4c5113601cd034330ed2e4f3b4db
                                                                                                  • Instruction ID: 5767ccf793bcf78e60add4dbc7d03fa1409b67cd9d41a21540a4451a5b2003ca
                                                                                                  • Opcode Fuzzy Hash: 979b3a0f0afb1039494b077555864372c70d4c5113601cd034330ed2e4f3b4db
                                                                                                  • Instruction Fuzzy Hash: 3921CA63E0DA0384F6609F61A8503B9E691AF66794F184575D95EC77D2FE3EE001830E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugErrorLastLoadOutputString_wassert
                                                                                                  • String ID: (key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)$Could not unmount offline registry hive: %s$HKCU$HKLM$Unmounted offline registry hive '%s\%s'$stdfn.c
                                                                                                  • API String ID: 1105876800-3579100176
                                                                                                  • Opcode ID: 210541835c46b5962913d6d7d2ab03e57703ee0b248965bdc47ade6242710827
                                                                                                  • Instruction ID: 1d5cb31f1ec432a9af2caecf8049c0ca99df726d8d911540550bd75c4b369bf3
                                                                                                  • Opcode Fuzzy Hash: 210541835c46b5962913d6d7d2ab03e57703ee0b248965bdc47ade6242710827
                                                                                                  • Instruction Fuzzy Hash: 64018063B09A07E0EA009B25EC802A6A361AF26390F944535D81CC76E4FE2EE449C30E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memchrmemcmp$strstr
                                                                                                  • String ID: $CD001$Expecting the PVD sector header MSF to be 0x16, is: %x$Expecting the PVD sector mode to be Mode 1 is: %x$Expecting the PVD sector mode to be Mode 2 is: %x
                                                                                                  • API String ID: 4093074746-2178616967
                                                                                                  • Opcode ID: 90ab9f1d691271b7e60e30203c140cc8ffc935cabf1526813e9bbff1b5364d0b
                                                                                                  • Instruction ID: 3a7db0879d605448325404598ce8a35fb49bea43703977f2de6c16dc2873580a
                                                                                                  • Opcode Fuzzy Hash: 90ab9f1d691271b7e60e30203c140cc8ffc935cabf1526813e9bbff1b5364d0b
                                                                                                  • Instruction Fuzzy Hash: 9681D773A0964245E711CB25A5003BAF6A2EBA6784F440431EE4EC77DAFE7EE541C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassert$??3@
                                                                                                  • String ID: _cdio_list_length (p_list) > 0$ds.c$p_list->begin != p_list->end$p_list->begin == p_list->end$p_node != ((void *)0)$prev_node->next != ((void *)0)
                                                                                                  • API String ID: 1989182458-736553515
                                                                                                  • Opcode ID: 160ce982bdfc357b902e75faea005f6eb38f6f8d3e7440cdea05c2c2ffc08d64
                                                                                                  • Instruction ID: 2b366a6d14f2604d86191f8da2cd7ae2bd82d9354d8722a8dadd1d5fda1ba3f6
                                                                                                  • Opcode Fuzzy Hash: 160ce982bdfc357b902e75faea005f6eb38f6f8d3e7440cdea05c2c2ffc08d64
                                                                                                  • Instruction Fuzzy Hash: 33419727B0AA0685FE289B12E940379E261AF66FC0F588131CD0DC7798FE3EE4418346
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DefineDeleteDeviceMountPointVolumestrlen
                                                                                                  • String ID: #:\$ABORTED: Cannot use an image that is located on the target drive!$Failed to delete mountpoint %s: %s$Failed to get a drive letter$No drive letter was assigned...
                                                                                                  • API String ID: 2986757764-3865212242
                                                                                                  • Opcode ID: e78689028bb197ed5e42372225cf6f20e031b9eb4ad70b4794c19180487f7ce3
                                                                                                  • Instruction ID: 01af78c0abb8e89c9b04ba661a639f8c0bf52ae9a4c83d6146b82fdb85982c41
                                                                                                  • Opcode Fuzzy Hash: e78689028bb197ed5e42372225cf6f20e031b9eb4ad70b4794c19180487f7ce3
                                                                                                  • Instruction Fuzzy Hash: A431B663E0D65258FB62DB22AA4077AA690AF55784F440132DE4DC7795FE3EE408860F
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@ByteCharMultiWide$DebugHandleLibraryLoadModuleOutputString_calloc_dbgisspace
                                                                                                  • String ID: Error: MAX_LIBRARY_HANDLES is too small$Unable to load '%S.dll': %s
                                                                                                  • API String ID: 3199631866-2510904519
                                                                                                  • Opcode ID: 3c943c451def0dc242e1485ce09f41f6b2f56e91647755c180ac8d6d8d806126
                                                                                                  • Instruction ID: c7dc85d83eb73d24b7e29c74e1e3c0e52026f45501cb98db2cc35f183cc7ab60
                                                                                                  • Opcode Fuzzy Hash: 3c943c451def0dc242e1485ce09f41f6b2f56e91647755c180ac8d6d8d806126
                                                                                                  • Instruction Fuzzy Hash: 6521F623A0974388E6229BB6B910379A691AF95B84F1C4135DE5EC37D1FE3EF040930E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,00000000,00007FF6ED3AE240,00007FF6ED328516,?,?,?,?,00007FF6ED2EE144), ref: 00007FF6ED325D1C
                                                                                                  • _calloc_dbg.MSVCRT ref: 00007FF6ED325D2D
                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,00000000,00007FF6ED3AE240,00007FF6ED328516,?,?,?,?,00007FF6ED2EE144), ref: 00007FF6ED325D51
                                                                                                  • GetModuleHandleW.KERNEL32 ref: 00007FF6ED325D5E
                                                                                                  • LoadLibraryExW.KERNEL32 ref: 00007FF6ED325D8F
                                                                                                    • Part of subcall function 00007FF6ED318339: OutputDebugStringW.KERNEL32 ref: 00007FF6ED3183A2
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183D4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183E4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183F4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED318404
                                                                                                    • Part of subcall function 00007FF6ED318339: ??3@YAXPEAX@Z.MSVCRT ref: 00007FF6ED318424
                                                                                                  • ??3@YAXPEAX@Z.MSVCRT ref: 00007FF6ED325DD1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@ByteCharMultiWide$DebugHandleLibraryLoadModuleOutputString_calloc_dbgisspace
                                                                                                  • String ID: Error: MAX_LIBRARY_HANDLES is too small$Unable to load '%S.dll': %s
                                                                                                  • API String ID: 3199631866-2510904519
                                                                                                  • Opcode ID: 0d184daf3efaa1196ded09f83d900656e8c7baf3fd3abae0c638d879a6a0b13b
                                                                                                  • Instruction ID: c3d599bb077e07e88ab10972811239c70151414e183e3316da2d35bc6e115869
                                                                                                  • Opcode Fuzzy Hash: 0d184daf3efaa1196ded09f83d900656e8c7baf3fd3abae0c638d879a6a0b13b
                                                                                                  • Instruction Fuzzy Hash: 85210A23E0E69284E6209F26B804379E691AF66B88F184735DA4DC77D4FD3DE140824A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$File$??3@DebugErrorLastOutputPointerReadString
                                                                                                  • String ID: Read: %d, Expected: %I64u$ StartSector: 0x%08I64x, nSectors: 0x%I64x, SectorSize: 0x%I64x$read_sectors: Could not access sector 0x%08I64x - %s$read_sectors: Read error %s$read_sectors: nSectors x SectorSize is too big
                                                                                                  • API String ID: 2506482402-1228637891
                                                                                                  • Opcode ID: 4e363aaf4a90504b67ea10549448b3370f6c632c0205bf2cc613cbcc1b7cc798
                                                                                                  • Instruction ID: 9ec49f757c6a1b145ef21587e5b1dc73b966fa968198309ab7694fd04492ec26
                                                                                                  • Opcode Fuzzy Hash: 4e363aaf4a90504b67ea10549448b3370f6c632c0205bf2cc613cbcc1b7cc798
                                                                                                  • Instruction Fuzzy Hash: 0221A562B0854781E6109B52F8017A9E264AF637D0F445232ED2DD7BE5FE3EE405C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$strncat$_snprintf
                                                                                                  • String ID:
                                                                                                  • API String ID: 2356463325-0
                                                                                                  • Opcode ID: 36755837fe2cbae026c7f373763067cfec8c8b4cc05e37701350f6e2e91456dc
                                                                                                  • Instruction ID: f259161efdda53ee6343c9f6adc694a4f0176f599951a9a9222b06a0da446070
                                                                                                  • Opcode Fuzzy Hash: 36755837fe2cbae026c7f373763067cfec8c8b4cc05e37701350f6e2e91456dc
                                                                                                  • Instruction Fuzzy Hash: 2B716F53D0D2C24CFA769631A6143FD66829B86784F480035CF8E87AC6EE6EE945C61E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strlen$strstr
                                                                                                  • String ID: %3F$%3f$/
                                                                                                  • API String ID: 1237951486-1662459113
                                                                                                  • Opcode ID: c27d063949703733b6b218a38aaf33b1f41bbec08d51bcae6d3d689db94a5857
                                                                                                  • Instruction ID: 307b22ac90d6921a656e310705fc977f27f6e835d7ec2501401d16d4415ce854
                                                                                                  • Opcode Fuzzy Hash: c27d063949703733b6b218a38aaf33b1f41bbec08d51bcae6d3d689db94a5857
                                                                                                  • Instruction Fuzzy Hash: 1D21D057B095864CFF569B24E5203BC96829FA6790F9C8530CE0DC77C6FE6EA804831B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastObjectSelect$??3@ButtonCheckedExtentPoint32ReleaseText
                                                                                                  • String ID:
                                                                                                  • API String ID: 767972537-0
                                                                                                  • Opcode ID: 54d66551f536ae27b838bdae4a82d523a15fc2fb8a48cb7f3c7c85269c0dcfbc
                                                                                                  • Instruction ID: 95d664f0124f795301e10adc6eef8d3ff4599d08e98dae81387ed76f96ef2371
                                                                                                  • Opcode Fuzzy Hash: 54d66551f536ae27b838bdae4a82d523a15fc2fb8a48cb7f3c7c85269c0dcfbc
                                                                                                  • Instruction Fuzzy Hash: 23219057B0960745FA556B22680477AD290AF6BFE4F180131DD1E87790FE3EA04A8709
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc
                                                                                                  • String ID: ($($H$NtDeviceIoControlFile$NtDll
                                                                                                  • API String ID: 190572456-608373126
                                                                                                  • Opcode ID: c351324ceabcf7573a893f8c299faf64b6822f5054e5bed33b14f65a61471656
                                                                                                  • Instruction ID: a4c9f970a0337f1f4dc476cff8384955e1943383882d54f9a9beab60d9e5d44c
                                                                                                  • Opcode Fuzzy Hash: c351324ceabcf7573a893f8c299faf64b6822f5054e5bed33b14f65a61471656
                                                                                                  • Instruction Fuzzy Hash: C0418F77608B4186E764CB15F8503AAF7A5FB96394F508035EA8D83BA8EF3ED045CB05
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$_calloc_dbg_strncollstrcmpstrlen
                                                                                                  • String ID: Memory allocation error$UCS-2BE
                                                                                                  • API String ID: 3098256541-567144350
                                                                                                  • Opcode ID: 8a414c6ebabb84952568b6f05aa286425b98c145ceeb1a801134c1d88d866233
                                                                                                  • Instruction ID: 62b56681917a557d1a1f8df158ad9dc01fa455983e5a1a3609a9accce84efc1b
                                                                                                  • Opcode Fuzzy Hash: 8a414c6ebabb84952568b6f05aa286425b98c145ceeb1a801134c1d88d866233
                                                                                                  • Instruction Fuzzy Hash: 2731DE27A0D6825AFB618A2594103B9E7919F77B85F5C4032DA0DC73D6FE2FA406C30A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _calloc_dbg_wassert
                                                                                                  • String ID: ds.c$p_list != ((void *)0)$p_new_node != ((void *)0)
                                                                                                  • API String ID: 673040347-4264426357
                                                                                                  • Opcode ID: 20b2b21e0d07ab66170b99036cc744513b0d809e66e49b7efb9f4bc2460d896c
                                                                                                  • Instruction ID: 752538c41d39f9124554fdfa2f06b71850e767138478026cfc7e5e6036b680ba
                                                                                                  • Opcode Fuzzy Hash: 20b2b21e0d07ab66170b99036cc744513b0d809e66e49b7efb9f4bc2460d896c
                                                                                                  • Instruction Fuzzy Hash: 12317373A0BA05C1EB259F11E8403A5B6E5FB66B84F88C035C95C8B358FE3ED951C385
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ControlDevice
                                                                                                  • String ID: (empty data)$Could not get device number for device %s %s$Device Number for device %s is too big (%d) - ignoring device$Ignoring drive '%s' as it spans multiple disks (RAID?)$NOTE: This may be due to an excess of Virtual Drives, such as hidden ones created by the XBox PC app
                                                                                                  • API String ID: 2352790924-301887804
                                                                                                  • Opcode ID: 4da7f331cf36c95364879b2c48938950b1db6773dcfb3ace1d3f0a09b054fa5d
                                                                                                  • Instruction ID: 3442f473a2ff13e7c9fe41ca8cf83e27bd5c688e27e3e5c8a555f06b5060b0c9
                                                                                                  • Opcode Fuzzy Hash: 4da7f331cf36c95364879b2c48938950b1db6773dcfb3ace1d3f0a09b054fa5d
                                                                                                  • Instruction Fuzzy Hash: 8731B833A1C64295E771DB25F54476AB761EB96380F540132EF4CCBA94EF3ED4448B0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide_calloc_dbg$??3@_errno_wassert_wstat64
                                                                                                  • String ID: _cdio_stdio.c$could not retrieve file info for `%s': %s$ud != ((void *)0)
                                                                                                  • API String ID: 778036207-2377034285
                                                                                                  • Opcode ID: b6b56a73164e154cc4af61eb63260779827080e2946aa0df5db74b5be9e89988
                                                                                                  • Instruction ID: 3eb536521f2760448af287ca7180d6bb4af6cb9f8067417f8eb9a5328da3a832
                                                                                                  • Opcode Fuzzy Hash: b6b56a73164e154cc4af61eb63260779827080e2946aa0df5db74b5be9e89988
                                                                                                  • Instruction Fuzzy Hash: ED318E67A0AB4281EE119F11F4403B9F3A1AFA6790F900236D94E877A5FE3EF505C706
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$DebugDriveLogicalOutputStringStrings_strncoll
                                                                                                  • String ID: Could not find an unused drive letter$Mount operation failed: %s$Mounting '%s' as '%s'$Unexpected volume name: '%s'
                                                                                                  • API String ID: 2674253910-4227630204
                                                                                                  • Opcode ID: e1c90688731af1a7dc404195eaae7865b77f7e14efc1c0622efdc23fd6cbc2cf
                                                                                                  • Instruction ID: 8f315268780d7f77d4e271f1d6423f5d6715fbc0dd21417501fcde9e210d023a
                                                                                                  • Opcode Fuzzy Hash: e1c90688731af1a7dc404195eaae7865b77f7e14efc1c0622efdc23fd6cbc2cf
                                                                                                  • Instruction Fuzzy Hash: 02217F63E0961399FA229F61AA003BA93515F63BD4F480035DE0DDB795FE2EE404831A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@ButtonChecked$DebugOutputString_malloc_dbg_wfopen_sfclosefseek
                                                                                                  • String ID: Error: Can't allocate %d bytes buffer for file '%s'$Error: Can't open file '%s'$Error: Can't read '%s'
                                                                                                  • API String ID: 3545441874-3367414655
                                                                                                  • Opcode ID: 3c39455cdf93a488e7cef3239f5cbd71f2b33f982f854dca0095878800339cd1
                                                                                                  • Instruction ID: d9ef03c7358e54ece06372e45f730dd44632dbe892f1a61f7f15eaaf18a5de09
                                                                                                  • Opcode Fuzzy Hash: 3c39455cdf93a488e7cef3239f5cbd71f2b33f982f854dca0095878800339cd1
                                                                                                  • Instruction Fuzzy Hash: E311A103B0A61360F905AA13A8127BA95916F6BBC4E484435ED0DCFB82FD3EA415830E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastObjectSingleWait$??3@CancelCloseCreateHandleSynchronousThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2781424815-0
                                                                                                  • Opcode ID: 69751fc452366edb3d1c4ad63c7fbe1474031d02bc6337ec35620c989107d844
                                                                                                  • Instruction ID: 8d43bb31f3cf899e2a5a11c286f28d78b3454b73bfb710601585337feebc63d8
                                                                                                  • Opcode Fuzzy Hash: 69751fc452366edb3d1c4ad63c7fbe1474031d02bc6337ec35620c989107d844
                                                                                                  • Instruction Fuzzy Hash: 8C21C773A0878A86E710DF15F840269F7A1FB967A0F144235E5AD87B98EF3CD0458B05
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: sprintf
                                                                                                  • String ID: %s %I64u %I64u$?$?$\DosDevices\%c:
                                                                                                  • API String ID: 590974362-3273439481
                                                                                                  • Opcode ID: a0f0e483fa57f62a3a31774f118a6ccf3dfc901fad915ab74a60ea3ffbb1398c
                                                                                                  • Instruction ID: c4a0d1950571ffdda6fef4537414ffd38a35e94cc1e9f23f8c2cac25e361cc81
                                                                                                  • Opcode Fuzzy Hash: a0f0e483fa57f62a3a31774f118a6ccf3dfc901fad915ab74a60ea3ffbb1398c
                                                                                                  • Instruction Fuzzy Hash: C031CB6B90DAC644F7748B16A4443BBA7919763784F084031DA8D876C6EF3FD486C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@ByteCharMultiWide_calloc_dbg$_wsopen_s
                                                                                                  • String ID:
                                                                                                  • API String ID: 2869389393-0
                                                                                                  • Opcode ID: e5b16693cb30340c74130e824415bf3438a8c4db99cf468b3e2b7f2e102ac98c
                                                                                                  • Instruction ID: a0d9dd96c209487d4b39522008df6a415e47026b1b7bb309a91e4d02bcd14db1
                                                                                                  • Opcode Fuzzy Hash: e5b16693cb30340c74130e824415bf3438a8c4db99cf468b3e2b7f2e102ac98c
                                                                                                  • Instruction Fuzzy Hash: D1216D73B0A50145E7609B27B800376E5D1BF9ABA8F088234ED6DC77D5FE3DD4018605
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseCreateErrorFileHandleLast_mbscpy
                                                                                                  • String ID: Unable to open volume handle!$\\.\
                                                                                                  • API String ID: 7305648-1070796138
                                                                                                  • Opcode ID: 40ab33696e4337c5000f91d52aa50e56778866e53d2c73e137fffd66085b5d28
                                                                                                  • Instruction ID: a77fb85d1ce2c7075115f945d464eb73d5731551be5c3fb6dbfd5f266b289515
                                                                                                  • Opcode Fuzzy Hash: 40ab33696e4337c5000f91d52aa50e56778866e53d2c73e137fffd66085b5d28
                                                                                                  • Instruction Fuzzy Hash: 94110473A0CB4584E710CB60F8043ADB2E1EBAAB90F644236DA6D977C4EF7ED1458706
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _mbsdup_snprintf_wassert
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$\\.\PhysicalDrive%lu %I64u %I64u$drive.c
                                                                                                  • API String ID: 1939489421-2222077928
                                                                                                  • Opcode ID: ce07e503f3ddfc6678e6327ddc12f539f704cce69dcb8b95d3de8c1798cf3610
                                                                                                  • Instruction ID: c3c6e90e8150a01091a35ac6a72ad85d4086eb1d7ae38f8c784865481bcc2d8a
                                                                                                  • Opcode Fuzzy Hash: ce07e503f3ddfc6678e6327ddc12f539f704cce69dcb8b95d3de8c1798cf3610
                                                                                                  • Instruction Fuzzy Hash: 32115473B1964685EB118724E8543B9B350EBAA784F540532CB8EC77A0FF3ED595C30A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _mbsdup_snprintf_wassert
                                                                                                  • String ID: (DriveIndex >= DRIVE_INDEX_MIN) && (DriveIndex <= DRIVE_INDEX_MAX)$\\.\PhysicalDrive%lu$drive.c
                                                                                                  • API String ID: 1939489421-1537767423
                                                                                                  • Opcode ID: 4599e152ba0cf57882bc44d01c0e5fb7ac300333ef2ca2a7f87272a87706ccda
                                                                                                  • Instruction ID: 94c9b9a50976e8a3162a65f5ba68404e14ab8d3ba3e5f11b88ccfbc239127235
                                                                                                  • Opcode Fuzzy Hash: 4599e152ba0cf57882bc44d01c0e5fb7ac300333ef2ca2a7f87272a87706ccda
                                                                                                  • Instruction Fuzzy Hash: 51E012A2A1854BD2FA018B11E8443E99720ABA6784F545431C51E875A4FE3ED249D34B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 00007FF6ED2E7232: _wassert.MSVCRT ref: 00007FF6ED2E7277
                                                                                                    • Part of subcall function 00007FF6ED2E7232: wnsprintfW.SHLWAPI ref: 00007FF6ED2E7294
                                                                                                    • Part of subcall function 00007FF6ED2E7232: SetLastError.KERNEL32 ref: 00007FF6ED2E771A
                                                                                                  • SetLastError.KERNEL32 ref: 00007FF6ED2E8A7A
                                                                                                    • Part of subcall function 00007FF6ED318339: OutputDebugStringW.KERNEL32 ref: 00007FF6ED3183A2
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183D4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183E4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED3183F4
                                                                                                    • Part of subcall function 00007FF6ED318339: IsDlgButtonChecked.USER32 ref: 00007FF6ED318404
                                                                                                    • Part of subcall function 00007FF6ED318339: ??3@YAXPEAX@Z.MSVCRT ref: 00007FF6ED318424
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$ErrorLast$??3@DebugOutputString_wassertwnsprintf
                                                                                                  • String ID: Could not delete partition: %s$Could not locate disk - Aborting.$Deleting partition%s:$Looks like Windows has "lost" our disk - Forcing a VDS rescan...$No partition to delete on disk
                                                                                                  • API String ID: 3592427268-2932070658
                                                                                                  • Opcode ID: 7457c32578fd0cfab7a321a874a2fcfe5304dac995f0ba0c71bdb51bb4d6e970
                                                                                                  • Instruction ID: 68a7c94f867a639f107a840ca71d997668168303361e75c3e273649196ab72e6
                                                                                                  • Opcode Fuzzy Hash: 7457c32578fd0cfab7a321a874a2fcfe5304dac995f0ba0c71bdb51bb4d6e970
                                                                                                  • Instruction Fuzzy Hash: 7A51B523F1DA0385EB529B22D54037AA790AF95BD4F040475DE4ECBB95FE3EE804871A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strchr$??3@_malloc_dbg_mbscpystrlen
                                                                                                  • String ID:
                                                                                                  • API String ID: 4041784285-0
                                                                                                  • Opcode ID: 2bfb45e04e91346edfa105e758bb3974c9c4ce0ca59d60af55580bbca5f13986
                                                                                                  • Instruction ID: 0d174460868b844e6b4f6e84ac6d738060c06006fe44f0606f1d711d8668e1fa
                                                                                                  • Opcode Fuzzy Hash: 2bfb45e04e91346edfa105e758bb3974c9c4ce0ca59d60af55580bbca5f13986
                                                                                                  • Instruction Fuzzy Hash: 9121F81BF0924244FE66AA19F90837993A54FA6BC4F984030DD1DCB795FE3EE841C30A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$_calloc_dbg
                                                                                                  • String ID: Couldn't calloc(1, %lu)$Invalid directory buffer sector size %u
                                                                                                  • API String ID: 1412086356-3125111140
                                                                                                  • Opcode ID: 686efc6336530f380297f36ed605b0098eccc85497a97f01aa7606c532e60b09
                                                                                                  • Instruction ID: 4b84a3ae1eb900112d92a6634ad37614d703deed6de2eddc077f1d84f6590c99
                                                                                                  • Opcode Fuzzy Hash: 686efc6336530f380297f36ed605b0098eccc85497a97f01aa7606c532e60b09
                                                                                                  • Instruction Fuzzy Hash: 94411613B0D64245FA95AA1155013BAE693AFA3BC4F184430DD4E87BC7FE3FE441860A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID: dism /Apply-Ffu /ApplyDrive:%s /ImageFile:"%s"
                                                                                                  • API String ID: 1777246229-1011486706
                                                                                                  • Opcode ID: 920945cc5245c4b939543327c5126100b0a15795a4837b57f59f91be9f9d651b
                                                                                                  • Instruction ID: 51f5b318cc10eef321433e0ec9be7333e1a7fe0d708b20f52be5dd457a301f49
                                                                                                  • Opcode Fuzzy Hash: 920945cc5245c4b939543327c5126100b0a15795a4837b57f59f91be9f9d651b
                                                                                                  • Instruction Fuzzy Hash: FD115523B0B55248F662972A781133AD8916F9A7A0F180731CE0CC7BC0FD3C98808308
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID: IgnoreUsb%02d
                                                                                                  • API String ID: 1777246229-104278519
                                                                                                  • Opcode ID: b95cbe2b48881db0e64763e72b0b7bedaf5d738f8891d8a57ac88998e569445a
                                                                                                  • Instruction ID: ddfa7c8e310f254e15b0b60c034ca45b5f72d158f5cc31f26e08fe9400596959
                                                                                                  • Opcode Fuzzy Hash: b95cbe2b48881db0e64763e72b0b7bedaf5d738f8891d8a57ac88998e569445a
                                                                                                  • Instruction Fuzzy Hash: B3112527B0B51145F6319626B901336D5C16F9A7E0F184635DE4DC7BD4FD3C94808309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$ControlDevice$??3@DebugOutputString
                                                                                                  • String ID: Could not delete drive layout: %s$Could not refresh drive layout: %s$Initializing disk...
                                                                                                  • API String ID: 1787274119-270021911
                                                                                                  • Opcode ID: 6c6ce49a6cf94c406d4cb13ce276354470abd103c573a5c4b0e96b08f336e708
                                                                                                  • Instruction ID: 147a0f2e72cac953c423467c4ab61539fffd6e7866531faebb0eaddbedeb331a
                                                                                                  • Opcode Fuzzy Hash: 6c6ce49a6cf94c406d4cb13ce276354470abd103c573a5c4b0e96b08f336e708
                                                                                                  • Instruction Fuzzy Hash: 34110133B1824281E760CB21F9017AAA6A1E7A67C0F944136EF4D83F58EE3EC0458B09
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassert$??3@_mbsdup_snprintfstrncpy
                                                                                                  • String ID: ext2fs != NULL$format_ext.c
                                                                                                  • API String ID: 1509963017-678589360
                                                                                                  • Opcode ID: 83fe45d0e70060ebdc15b4c33b53a09bcf1615b0129a5b409d53d2080bb38f38
                                                                                                  • Instruction ID: 0fb7bc3fcdb33b5d89a81766c046ce93ab9b8ab5837752aa0b6160976a51b566
                                                                                                  • Opcode Fuzzy Hash: 83fe45d0e70060ebdc15b4c33b53a09bcf1615b0129a5b409d53d2080bb38f38
                                                                                                  • Instruction Fuzzy Hash: 77110323F1971648EB629720A9407795790AF65B80F940535EE8DD7795FF3ED400870A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _mbsdupstrlen
                                                                                                  • String ID: *?<>$:|$Could not allocate string for sanitized path
                                                                                                  • API String ID: 947779515-3181534604
                                                                                                  • Opcode ID: 56e967a187b05f0e2be528e9d9664c7b2e441fef55943a46ec9ea8d1a25d589d
                                                                                                  • Instruction ID: a4f13bd0c6565643ace8da382bc35c3aba4a9ad95fc9d166e2d33ce85443de4a
                                                                                                  • Opcode Fuzzy Hash: 56e967a187b05f0e2be528e9d9664c7b2e441fef55943a46ec9ea8d1a25d589d
                                                                                                  • Instruction Fuzzy Hash: 57012463E0D24648FB219F21A90037D5A428F59388F588830DF4E93385FE3EA482870E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassertstrcmp
                                                                                                  • String ID: <NULL>$dos_locale.c$i < ARRAYSIZE(kb_hr_list)
                                                                                                  • API String ID: 3294212248-930204651
                                                                                                  • Opcode ID: 7febbc6157f5584747c466473c23fb0814b616dd1177d845e0829ca0d609b09e
                                                                                                  • Instruction ID: d8c3a07afb9b52c2fede54a5eda042dd8774da2812cc414b9afc5d038d5c0634
                                                                                                  • Opcode Fuzzy Hash: 7febbc6157f5584747c466473c23fb0814b616dd1177d845e0829ca0d609b09e
                                                                                                  • Instruction Fuzzy Hash: 5701DB63B2965299FE12CB23AA816B992106F15BD4F584072CE1E87794FD1DE847C309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@_calloc_dbg_malloc_dbg
                                                                                                  • String ID: %sError %d while creating in-memory bad blocks list$Bad Blocks:
                                                                                                  • API String ID: 2766757376-3542412519
                                                                                                  • Opcode ID: 7327d3067ca72507c588dd91031d441c1b497eb96f85afdee00287070000e5cf
                                                                                                  • Instruction ID: 177f10f08c099dcfdd6689da5a0698288174c0566461536d3ddaab2cd92d4172
                                                                                                  • Opcode Fuzzy Hash: 7327d3067ca72507c588dd91031d441c1b497eb96f85afdee00287070000e5cf
                                                                                                  • Instruction Fuzzy Hash: 6F019E63B1A60246FA169B20F82137D9190AF27780F844539CE5DCB7C2FE3EA446830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$Thread$??3@CodeCreateDebugExitObjectOutputPrioritySingleStringWait
                                                                                                  • String ID: Unable to start apply-image thread
                                                                                                  • API String ID: 4257512602-1979240548
                                                                                                  • Opcode ID: a10201b73a95b38be6180b80a79881819f4446f1f094c92b9ad6a546169d55e2
                                                                                                  • Instruction ID: 165cc5b67c962350675c69567beaefca2ac6bf76d36a8c5d8353c4c082f13178
                                                                                                  • Opcode Fuzzy Hash: a10201b73a95b38be6180b80a79881819f4446f1f094c92b9ad6a546169d55e2
                                                                                                  • Instruction Fuzzy Hash: 42119073A1DA4686E740CF15FC41666B3A0FFA6784B205135EA8EC3B24EF3DE4148B09
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugDriveLogicalOutputStringStringsstrlentoupper
                                                                                                  • String ID: GetLogicalDriveStrings failed: %s$GetLogicalDriveStrings: Buffer too small (required %lu vs. %zu)
                                                                                                  • API String ID: 3581211268-1948686756
                                                                                                  • Opcode ID: f5976e8a6849061ad2301e922e81d82f62f9aa23edbb4d70e5fd252ecf1cc18e
                                                                                                  • Instruction ID: 6e1609996bc8e0d21f6ec9b0294cec79056191c602d8c0a5c9be3eb0398219b9
                                                                                                  • Opcode Fuzzy Hash: f5976e8a6849061ad2301e922e81d82f62f9aa23edbb4d70e5fd252ecf1cc18e
                                                                                                  • Instruction Fuzzy Hash: 52014B22E0C90785FA21EB31A8543B992854F26780F584133DD1DCB695FD2FE989820B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@AddressCloseHandleProc
                                                                                                  • String ID: DetachVirtualDisk$Unable to locate %s() in '%s.dll': %s$VirtDisk
                                                                                                  • API String ID: 214645501-2283464381
                                                                                                  • Opcode ID: f10d02f1c9f8c2ddd281f3c3c09a4937ebc3c960716485c1c625a8c428c9a555
                                                                                                  • Instruction ID: 8a51ae622ecbab95f5ea819c78134056d6c26891a15cd96b23870f50d3af6d53
                                                                                                  • Opcode Fuzzy Hash: f10d02f1c9f8c2ddd281f3c3c09a4937ebc3c960716485c1c625a8c428c9a555
                                                                                                  • Instruction Fuzzy Hash: 0B113056E1964750FA109B55A8403B8E350AF77774FA40332C53CC76E1FF7EA549824B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$DeviceSetup$??3@DetailErrorInterfaceLast$DebugEnumInterfacesOutputString_calloc_dbgisspace
                                                                                                  • String ID: SetupDiEnumDeviceInterfaces failed: %s$SetupDiGetDeviceInterfaceDetail (actual) failed: %s
                                                                                                  • API String ID: 2406233800-987825663
                                                                                                  • Opcode ID: c46f5e70d58c30f85775d55184837090d87872ff9944e6cfbd36f78a40e599d8
                                                                                                  • Instruction ID: 6bb7f4af80ed827e76c7d38caa187d41a3d33515df216360dd04d0517013ddd6
                                                                                                  • Opcode Fuzzy Hash: c46f5e70d58c30f85775d55184837090d87872ff9944e6cfbd36f78a40e599d8
                                                                                                  • Instruction Fuzzy Hash: AAF06227E0C54794E922D761E8443FE9211AF66780F540131DE6DCBA96BE2EE109930F
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked_snprintf$??3@DebugOutputStringstrlen
                                                                                                  • String ID: (%s)$Extracting: %s
                                                                                                  • API String ID: 1090919755-3801983982
                                                                                                  • Opcode ID: cfa39014cd7ff6a86c4b2d9524d36c407e87fc297a7f42e912f4e92930b73ddf
                                                                                                  • Instruction ID: 1c368b16f8d740167ddf6212a893fefc53f2cdc5f7abd5caafe0ad32dab44bf4
                                                                                                  • Opcode Fuzzy Hash: cfa39014cd7ff6a86c4b2d9524d36c407e87fc297a7f42e912f4e92930b73ddf
                                                                                                  • Instruction Fuzzy Hash: D7113D13B1859255F710DB66BC01BFDA6019F96BC4F588032ED1D97B85EE3ED106C709
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$ByteCharErrorLastMultiWide$CopyFile_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1555738092-0
                                                                                                  • Opcode ID: 491a34a6f45c1fff1c650a1e758a8b87942fd4f8b8b07a3614ca26c3a9881852
                                                                                                  • Instruction ID: 8fa794ca344ff682ed28a4c63bdd7af493f2c51e2d2af18b46359ba31eebf9ab
                                                                                                  • Opcode Fuzzy Hash: 491a34a6f45c1fff1c650a1e758a8b87942fd4f8b8b07a3614ca26c3a9881852
                                                                                                  • Instruction Fuzzy Hash: 54F08253F4A21B0AFD4927226D157BC82565F9AFD0F2C4830EE0DDB742FC3EA8964609
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$ByteCharErrorLastMultiWide$CopyFile_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1555738092-0
                                                                                                  • Opcode ID: 5df4b4c2c7f0854dda8b60ebddfc22d180800432c2bc881ac0c5e00dedeac8fa
                                                                                                  • Instruction ID: 98b8a98f282f1f22f19d9e3aff215128a05dfbfe892e0d19c685384315da7b43
                                                                                                  • Opcode Fuzzy Hash: 5df4b4c2c7f0854dda8b60ebddfc22d180800432c2bc881ac0c5e00dedeac8fa
                                                                                                  • Instruction Fuzzy Hash: D4F08253F4A61A46FC0967626C153B892565FABFD5F0C0834DD0E8B782FD2FA8464319
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@
                                                                                                  • String ID:
                                                                                                  • API String ID: 613200358-0
                                                                                                  • Opcode ID: 89c208837c46ae855143847ed9561ec0b6f3ee156f3ff72d8e35340d30f28659
                                                                                                  • Instruction ID: 92c65198563350413a0f331d0dd40696b829199e744d86350cf98077f033e9aa
                                                                                                  • Opcode Fuzzy Hash: 89c208837c46ae855143847ed9561ec0b6f3ee156f3ff72d8e35340d30f28659
                                                                                                  • Instruction Fuzzy Hash: 79F0F023B1545241FB16AB36FA513BD4331AF98FC8F080031EF0DCB689EE29D8928346
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _malloc_dbg
                                                                                                  • String ID: FAT #%d sector at address: %d$write_data: Len is too big$write_data: Please increase MAX_DATA_LEN in file.h
                                                                                                  • API String ID: 1527718024-3051004782
                                                                                                  • Opcode ID: d339f2bb0bb23eeea5ddfa90867fa298fc27e0c97970da29e19b9adb636b6530
                                                                                                  • Instruction ID: fd87797600537039e10e01245050fc06cec74c6e7d093597b39c22f123aa6cae
                                                                                                  • Opcode Fuzzy Hash: d339f2bb0bb23eeea5ddfa90867fa298fc27e0c97970da29e19b9adb636b6530
                                                                                                  • Instruction Fuzzy Hash: DD213723B0978456EA44DB15A8007A6A359FFA97E5F485232FE1D837D9FE3EE101C304
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseControlDeviceHandlestrcmp
                                                                                                  • String ID: ReFS
                                                                                                  • API String ID: 249608633-1511913779
                                                                                                  • Opcode ID: 7210108e1223e0b154117e0c2a9263f8ddfccbd182992a325cb3fffecb691758
                                                                                                  • Instruction ID: dcd3e0204c2aaa9f2c82de33a5e17f60c73c2c5e199cc1ea1f3cb5156ada91a9
                                                                                                  • Opcode Fuzzy Hash: 7210108e1223e0b154117e0c2a9263f8ddfccbd182992a325cb3fffecb691758
                                                                                                  • Instruction Fuzzy Hash: C9319733A18A4285FB62C631EA003BAA391EB95760F444231DE6D836C8FF7EE0448706
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memchr$??3@_calloc_dbg_errno_wstat64strcmpstrstr
                                                                                                  • String ID: CD-XA001
                                                                                                  • API String ID: 3591908248-1216230894
                                                                                                  • Opcode ID: 950b3d1498bc116c1d1dece670d97efefa860a2577ab8ce8f729fbcb2ce89f4b
                                                                                                  • Instruction ID: f215795dc332ba757bab712c8dff9ad50d070c4cc58b38737b04887ea80892ce
                                                                                                  • Opcode Fuzzy Hash: 950b3d1498bc116c1d1dece670d97efefa860a2577ab8ce8f729fbcb2ce89f4b
                                                                                                  • Instruction Fuzzy Hash: 6F112613A0929254FB159E22A4517B9A282AF73788F4C0031ED0D8F3C7FE7EA840C369
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ControlDeviceErrorLast
                                                                                                  • String ID: $NtfsSectGetFileVcnExtent(): Unknown status!
                                                                                                  • API String ID: 2645620995-729193338
                                                                                                  • Opcode ID: 95df37a6f9990a4aa53defd7244112a6ed4de1c198099c467c610a0cef7762fa
                                                                                                  • Instruction ID: 2a8dd416690532a1ddd300501a94becdae46610443d9fd6994d7adbd9f68fca8
                                                                                                  • Opcode Fuzzy Hash: 95df37a6f9990a4aa53defd7244112a6ed4de1c198099c467c610a0cef7762fa
                                                                                                  • Instruction Fuzzy Hash: 38119D73A09B4581EB108B10E44036EB3A4EB6A7A4F240232DAAC937A4FF3FE455D745
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$DebugKillOutputStringTimer
                                                                                                  • String ID: %sInvalid pattern type
                                                                                                  • API String ID: 1431809100-2170484346
                                                                                                  • Opcode ID: 3b88e6c975c4027e50ee95d28d79d7ef4c5e0cf668ec7ab7aaff8acfd66c9488
                                                                                                  • Instruction ID: b450996c5d8f2022359fcb55585c04a37b237d7d00b7e0cf811dbeecb38ff689
                                                                                                  • Opcode Fuzzy Hash: 3b88e6c975c4027e50ee95d28d79d7ef4c5e0cf668ec7ab7aaff8acfd66c9488
                                                                                                  • Instruction Fuzzy Hash: 76112E37B09642CAE712CF16E540369B3A0BB65750F444172DA1CD37A0EF3EE495CB0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$DebugKillOutputStringTimer
                                                                                                  • String ID: %sInvalid number of passes
                                                                                                  • API String ID: 1431809100-2111395334
                                                                                                  • Opcode ID: 346ae9ac6c150222d603783464e55fe63c4e1e2e66b03d6465a50a5906a6dffe
                                                                                                  • Instruction ID: d9e24dad5f5bb74be671149114452551ee567192154a0ff9d7d1f956ecf3d873
                                                                                                  • Opcode Fuzzy Hash: 346ae9ac6c150222d603783464e55fe63c4e1e2e66b03d6465a50a5906a6dffe
                                                                                                  • Instruction Fuzzy Hash: 6B11FE37B09652CAE712CB16E950369B3A0BB66750F044172DA1CD77A0EF3DE495CB0A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                                                                  • String ID: \\.\MountPointManager
                                                                                                  • API String ID: 33631002-3276014075
                                                                                                  • Opcode ID: 97a8cd0f9cd589204bda788c9bb6e6f780d14c296d3f3c67ef1360bf68cf6663
                                                                                                  • Instruction ID: 9699421a6115725ccf5b694a0b84afcdb45e345fac2bd9b5ee8da98a17aeafc8
                                                                                                  • Opcode Fuzzy Hash: 97a8cd0f9cd589204bda788c9bb6e6f780d14c296d3f3c67ef1360bf68cf6663
                                                                                                  • Instruction Fuzzy Hash: BF01F173A28A9482D720CF28B800787B6A0FB98764F144335EEAD83B94EF3DC1058B04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@$DebugOutputString_wfopen_sfclosefwrite
                                                                                                  • String ID: Error: Can't create '%s'$Error: Can't write '%s'
                                                                                                  • API String ID: 323437525-3730943918
                                                                                                  • Opcode ID: c894c90a92d83ce66e1458f03297a0801a098609259c9c18b4c721afa821831b
                                                                                                  • Instruction ID: f911c6f6c1240d91173c0c15774e22a3a29e0109ee7a93bf00b77ceb6997d7a4
                                                                                                  • Opcode Fuzzy Hash: c894c90a92d83ce66e1458f03297a0801a098609259c9c18b4c721afa821831b
                                                                                                  • Instruction Fuzzy Hash: 7EF0AF03B09417A4E8053656AC007F9A5818FB6BC0E4C0030EC0DCFB82FC2EE84A830E
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _calloc_dbg_wassert
                                                                                                  • String ID: _cdio_stream.c$new_obj != ((void *)0)
                                                                                                  • API String ID: 673040347-2870839782
                                                                                                  • Opcode ID: 7bcbaedb92fb1b516f2c36b34afaae172e9c3950d7ffea266a3fa15d3f2e4d4a
                                                                                                  • Instruction ID: a20d4ba318e5a0aecd70d5bdfebf277e58213f593d204d23079af545687c4391
                                                                                                  • Opcode Fuzzy Hash: 7bcbaedb92fb1b516f2c36b34afaae172e9c3950d7ffea266a3fa15d3f2e4d4a
                                                                                                  • Instruction Fuzzy Hash: E5E092A2B0550691FB144B16F8407B69261EBA9BD4FD4C130DE0C8B798FE3E9D86C305
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@_wassert
                                                                                                  • String ID: strv != ((void *)0)$util.c
                                                                                                  • API String ID: 1581779771-748064884
                                                                                                  • Opcode ID: 1d842beece434f9e3f29036b546bba8880abb0e408daae3d90b345bfbbce6328
                                                                                                  • Instruction ID: 5f4244aa3d19594d95646f0cf944d0f428ce012cd6dd5191d196f2944bce1e99
                                                                                                  • Opcode Fuzzy Hash: 1d842beece434f9e3f29036b546bba8880abb0e408daae3d90b345bfbbce6328
                                                                                                  • Instruction Fuzzy Hash: 62E09A53F0B00682FD199B46E8503BCC2206F37B90F584A30DD0ECB660BE1EB842830A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: strcmpstrtok$_calloc_dbg_mbsdupstrncpy
                                                                                                  • String ID:
                                                                                                  • API String ID: 3973424413-0
                                                                                                  • Opcode ID: f17252efe7f905638a9c052c822cf1bfb70d63ae2657653b970e0bbfce93ef23
                                                                                                  • Instruction ID: abede77674d7603c9989429d8bfc502ea836b7a153b79e0f1775d9691f6e7878
                                                                                                  • Opcode Fuzzy Hash: f17252efe7f905638a9c052c822cf1bfb70d63ae2657653b970e0bbfce93ef23
                                                                                                  • Instruction Fuzzy Hash: 7031A193B0D68244EB159A22E4113B9D690AF5BFC4F088035DD4D8B7C6FE2ED401C35A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$_calloc_dbgstrlen
                                                                                                  • String ID:
                                                                                                  • API String ID: 862660693-0
                                                                                                  • Opcode ID: 77c5533f8b9e8cd0a419d9f961c748421bf0b3d96d15e66bf66fc1f8bb91d9e1
                                                                                                  • Instruction ID: 0ede83047922cd735bb2fb0965d6bdaaa26e02cc69efcfa2ffdd574413b8c4a7
                                                                                                  • Opcode Fuzzy Hash: 77c5533f8b9e8cd0a419d9f961c748421bf0b3d96d15e66bf66fc1f8bb91d9e1
                                                                                                  • Instruction Fuzzy Hash: 6511D2A3A0C2464DF766CAB2650037AA5D19F957C4F088134DE4DD7785FE2FF801931A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: ad87030eab3c9286d0dc464baf3720a9390cde6e06d2ddbd992410ad0311e90c
                                                                                                  • Instruction ID: 56af211c87214d30d91c873225c516258de3ce21d7f7554a3e8360bd1a9f2892
                                                                                                  • Opcode Fuzzy Hash: ad87030eab3c9286d0dc464baf3720a9390cde6e06d2ddbd992410ad0311e90c
                                                                                                  • Instruction Fuzzy Hash: 2A112527B0B5514AF7229636B9013BA96C16F897A4F181634DE1CC7BD1FD3DD4808709
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: fefd0c57849579df965dcb4daf0fe598240f86c67ea154599e2f333cde0e9e39
                                                                                                  • Instruction ID: ee3d60397395c3f3ae87399b7c7c7ab32d86cb71bff728e62ba7c5bdc1e9f34d
                                                                                                  • Opcode Fuzzy Hash: fefd0c57849579df965dcb4daf0fe598240f86c67ea154599e2f333cde0e9e39
                                                                                                  • Instruction Fuzzy Hash: A7112523F0B65145F6619A267811376D5C26FAABA8F184A34DE0DC7BC0FD3CD581830D
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: 6b7230e5116cf9ad04a3634b3516c7f651ca86cc84f701d13f0e948b718020b5
                                                                                                  • Instruction ID: d54ed7301f578a34cc599b25387c43dd4060fbb2cad45d6a420d71ae383e7bb3
                                                                                                  • Opcode Fuzzy Hash: 6b7230e5116cf9ad04a3634b3516c7f651ca86cc84f701d13f0e948b718020b5
                                                                                                  • Instruction Fuzzy Hash: C6110223B0B61149FB2296367D013369581ABC97E4F280635DE0CCBBD0FD3C95808309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: 37cd013da953a0245aa0972aeb6fb0af0463b25318121fbfc3d4e83a4bd6c17e
                                                                                                  • Instruction ID: b8d0715b1268eb61e88d6d9a8c33ad0e17fd5bfa723038ed14e7a09345b0564a
                                                                                                  • Opcode Fuzzy Hash: 37cd013da953a0245aa0972aeb6fb0af0463b25318121fbfc3d4e83a4bd6c17e
                                                                                                  • Instruction Fuzzy Hash: 1E112523B0B51149F6269A26790137A95C26F897A0F2C0B35DE2CC7BC0FD3C95818309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: 11970ed7ba8305389cd09627a8f7b449c9634465b7d4775bba00b661fb3f00e3
                                                                                                  • Instruction ID: 08c41cb5d2a83f7b73e56dfcf3954f0cfc0fa05eabb5b6aa044d1ca5df1c620d
                                                                                                  • Opcode Fuzzy Hash: 11970ed7ba8305389cd09627a8f7b449c9634465b7d4775bba00b661fb3f00e3
                                                                                                  • Instruction Fuzzy Hash: C4112523B0B55249F621962A7801336D5816F9ABB5F180634DE5DC7BC0FD3CD8818309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: f3ab4cf3b603568513711f692c88ae47d254f016c41257194395788980fa8eeb
                                                                                                  • Instruction ID: 17a1bca5fc79538dd9912482994e99dfbe8d03a78bd6db00e3d5d8c5690e2a80
                                                                                                  • Opcode Fuzzy Hash: f3ab4cf3b603568513711f692c88ae47d254f016c41257194395788980fa8eeb
                                                                                                  • Instruction Fuzzy Hash: BE112523B0B51149F6629636BA113369A81AFAA7B0F1C4634DE1DC7BC1FD3E94818309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: 4bac90d06aff5cf147e511bfac422028840ea1281ae82c2a175f81bc1b8df467
                                                                                                  • Instruction ID: fd0bda6a829239bf5b17370046e509c8306679b82120b5a4e4ce9dc1c835952d
                                                                                                  • Opcode Fuzzy Hash: 4bac90d06aff5cf147e511bfac422028840ea1281ae82c2a175f81bc1b8df467
                                                                                                  • Instruction Fuzzy Hash: 8F110223F0B51145FA2196267C02336D5816FEA7A4F284634DE0DC7BC1FD3CA881C349
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 1777246229-0
                                                                                                  • Opcode ID: 26afe7362ce8c25ed791907ae432b753fee417d34887525fc0c84940e1e4dc09
                                                                                                  • Instruction ID: d6591154846e966aa8c8bbe0034b340faa26b100258f759bf6f7c35eaf864171
                                                                                                  • Opcode Fuzzy Hash: 26afe7362ce8c25ed791907ae432b753fee417d34887525fc0c84940e1e4dc09
                                                                                                  • Instruction Fuzzy Hash: 8401F223B0695145E265AA2A6C01276DAD26F9BBE0F1C4734EE5CC3BD0FD3CE4408309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$FilePointer_calloc_dbg
                                                                                                  • String ID:
                                                                                                  • API String ID: 502740601-0
                                                                                                  • Opcode ID: 6c919cc29867da3198634e087ce66afa08b424d9f79787a9646ceae8d3e4173a
                                                                                                  • Instruction ID: 21a994c0cf7285b2468d7df3ccc47bd0df08929b5300cac71c26e233a24832b7
                                                                                                  • Opcode Fuzzy Hash: 6c919cc29867da3198634e087ce66afa08b424d9f79787a9646ceae8d3e4173a
                                                                                                  • Instruction Fuzzy Hash: 33F0D162B1825246FB559B366D0176AA291AFD5BC0F444030FE0ECBF85EE3DE4024F09
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ButtonChecked$??3@DebugDeviceOutputPropertyRegistrySetupString_strcmpiisspace
                                                                                                  • String ID: Unsupported or disabled by policy$<NULL>$Processing '%s' device:
                                                                                                  • API String ID: 2750340583-3331003181
                                                                                                  • Opcode ID: 7166638097097344ba5c3947108693efe13f036b18f79fcf496d1871a64c1ae9
                                                                                                  • Instruction ID: 45c465103f2f205985212791714aebd7f0a525ca5093cf9abd695e00c906067e
                                                                                                  • Opcode Fuzzy Hash: 7166638097097344ba5c3947108693efe13f036b18f79fcf496d1871a64c1ae9
                                                                                                  • Instruction Fuzzy Hash: 8211733390C6C2C9F632CB24E6043B9A791AB55343F549431CE8987794FEAEE484CB4A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$??3@CreateFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 1208334873-0
                                                                                                  • Opcode ID: bd2ba08a0d2b2e1dfd65bd17d6a71bff0d549cef06dc571dd3617c7f7d13ad04
                                                                                                  • Instruction ID: 3b98adb9afd4abde8548a15b3f5ff41c311f29cb41ac905a212204a27338f306
                                                                                                  • Opcode Fuzzy Hash: bd2ba08a0d2b2e1dfd65bd17d6a71bff0d549cef06dc571dd3617c7f7d13ad04
                                                                                                  • Instruction Fuzzy Hash: 18F0A473A0834587EB509B29B80066AB6E1FBD87D0F280130EE8D87B14EE3CD4418F05
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$??3@DriveNumberPath
                                                                                                  • String ID:
                                                                                                  • API String ID: 2356231034-0
                                                                                                  • Opcode ID: 53f43e662769c5d6f768f4fc56e6a0cb94195a2e3a5a07c550f2679e122231c0
                                                                                                  • Instruction ID: 5704b564a13ea9b88ed442ec14c77f6068308f724265096f2363d2f93b79a3d0
                                                                                                  • Opcode Fuzzy Hash: 53f43e662769c5d6f768f4fc56e6a0cb94195a2e3a5a07c550f2679e122231c0
                                                                                                  • Instruction Fuzzy Hash: E0E08663F0924A42FD1667757D142F941515FA9B91F1C0030ED1DCB341FD3DD885420A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$??3@DriveNumberPath
                                                                                                  • String ID:
                                                                                                  • API String ID: 2356231034-0
                                                                                                  • Opcode ID: 4ce2613a629ca3c3ce23751f282614086864a73fa97d8241da46b23d575d66b9
                                                                                                  • Instruction ID: a01d4c5f11b4cf2d5eeb68b4cdbbc8f89ae9b6463f0daaf64b371d97d0040d39
                                                                                                  • Opcode Fuzzy Hash: 4ce2613a629ca3c3ce23751f282614086864a73fa97d8241da46b23d575d66b9
                                                                                                  • Instruction Fuzzy Hash: 66E08653F0921A42FD1627757E152F842516FA9BD1F1C0030DD5ECB341FD3E9885421A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseControlDeviceHandle
                                                                                                  • String ID: Could not get layout for drive 0x%02x: %s
                                                                                                  • API String ID: 2349616827-4149846577
                                                                                                  • Opcode ID: 6847897c773e7e6ae8d00f7acfe0e57c0d7fcb932efcca13ffcc24a6ed069187
                                                                                                  • Instruction ID: 193d0a4498d79782b334ffa68bec3ec3c56c91cc255d3e8c259d7b9b4c8b9a88
                                                                                                  • Opcode Fuzzy Hash: 6847897c773e7e6ae8d00f7acfe0e57c0d7fcb932efcca13ffcc24a6ed069187
                                                                                                  • Instruction Fuzzy Hash: 3D31E4237086424AEB218B75E9407AAA291AB457B0F444235EF6DC77C5FE7EE444C70A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _malloc_dbg
                                                                                                  • String ID: read_data: Len is too big$read_data: Please increase MAX_DATA_LEN in file.h
                                                                                                  • API String ID: 1527718024-3117943643
                                                                                                  • Opcode ID: fba153644841d9d633645a5f915deb0b51f65ca6d1ef2bcd065c987c7e33d3ae
                                                                                                  • Instruction ID: bf2b3bdd293642fb5adb385609ac5167304f27f12d40f780fba9c895d4c17ab7
                                                                                                  • Opcode Fuzzy Hash: fba153644841d9d633645a5f915deb0b51f65ca6d1ef2bcd065c987c7e33d3ae
                                                                                                  • Instruction Fuzzy Hash: 83212713F0564141EE049B16B9113BAA3517BAABE8F485231EE2C837D5EE3EE556C309
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@AddressProc
                                                                                                  • String ID: Ntdll$RtlNtStatusToDosError
                                                                                                  • API String ID: 1488122300-1102361255
                                                                                                  • Opcode ID: d828fbeb86e20aedaf894eb90985925bfd5663f1558a92869cc22291c30423d2
                                                                                                  • Instruction ID: f6f9ad7d962cc878df0f9322c8703304a0435d0aefbb2ec3696b792527edd426
                                                                                                  • Opcode Fuzzy Hash: d828fbeb86e20aedaf894eb90985925bfd5663f1558a92869cc22291c30423d2
                                                                                                  • Instruction Fuzzy Hash: BB0184A7E0990685FA14CB24DC803B8A291EF76350F644535C81EC76E5FE3FE44A8206
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@AddressProc
                                                                                                  • String ID: NtClose$Ntdll
                                                                                                  • API String ID: 1488122300-3466116513
                                                                                                  • Opcode ID: 694f4b106a6329ac9bb9c728044f43d562872ce62e79b317daf082a72388d9e7
                                                                                                  • Instruction ID: dd12fe92bfb64b69dc1eb6e5a77b8ee45f7d7c09e1f76ee5dce6aeb2e349abd3
                                                                                                  • Opcode Fuzzy Hash: 694f4b106a6329ac9bb9c728044f43d562872ce62e79b317daf082a72388d9e7
                                                                                                  • Instruction Fuzzy Hash: 2AE0ED52F49A0A81FE18CB51A8913B0D2D1DF7A754F581074C94DCB3A1FF3EA49B931A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassert
                                                                                                  • String ID: dos_locale.c$i < ARRAYSIZE(cp_hr_list)
                                                                                                  • API String ID: 3234217646-510040248
                                                                                                  • Opcode ID: 62f4b9d686e15a7b96353951a222f0652db5790057093418bc9a362205c5fb66
                                                                                                  • Instruction ID: f3d6fa5a3d0705a94b7316cb2b5d7518f10937822cef32833f893b59ef67759e
                                                                                                  • Opcode Fuzzy Hash: 62f4b9d686e15a7b96353951a222f0652db5790057093418bc9a362205c5fb66
                                                                                                  • Instruction Fuzzy Hash: 81E0DFE2A29506C6FF00CB24D8413A963A0AB163D4FE05431CA1EC3224FE2DE696C30A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassert
                                                                                                  • String ID: msf != 0$sector.c
                                                                                                  • API String ID: 3234217646-3024698422
                                                                                                  • Opcode ID: b5d02ccea9ee934dd82251475b612da95bfff36db7d46f2480434c5208f78ee9
                                                                                                  • Instruction ID: 83ff7cac13cb9407d0fdbc1f4ea887d4d2f0d4cf3746b791fb72f51e9391026e
                                                                                                  • Opcode Fuzzy Hash: b5d02ccea9ee934dd82251475b612da95bfff36db7d46f2480434c5208f78ee9
                                                                                                  • Instruction Fuzzy Hash: B0D05EA3E1D40380FD5C4728DD94371E261AF36341FA00035D10F8B2E87E6F6586870B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassert
                                                                                                  • String ID: ds.c$p_list != ((void *)0)
                                                                                                  • API String ID: 3234217646-4211348559
                                                                                                  • Opcode ID: 2723e7a7e5e54c62a13f64c471fc8d1e73087067b397bbd475cf0a9bd7cbce73
                                                                                                  • Instruction ID: 3dccacec94767b26378d70035fc814e3fd8ee6866725d734a6679900fb223ca1
                                                                                                  • Opcode Fuzzy Hash: 2723e7a7e5e54c62a13f64c471fc8d1e73087067b397bbd475cf0a9bd7cbce73
                                                                                                  • Instruction Fuzzy Hash: F6D0C916B17A0AD1EE24A70ADD803649660BB26749FE04031C90D83264EE2EE557878A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.68344712855.00007FF6ED2E1000.00000040.00000001.01000000.00000006.sdmp, Offset: 00007FF6ED2E0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_7ff6ed2e0000_rufus-4.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wassert
                                                                                                  • String ID: ds.c$p_list != ((void *)0)
                                                                                                  • API String ID: 3234217646-4211348559
                                                                                                  • Opcode ID: b85a03b424f4d2cb62414155c812b073a9bd8fa9dec3346326bbfcbc97b7332c
                                                                                                  • Instruction ID: 9db503a9f65d588a26c133a9123647597aae249597dc1205c7a6c624fce5707f
                                                                                                  • Opcode Fuzzy Hash: b85a03b424f4d2cb62414155c812b073a9bd8fa9dec3346326bbfcbc97b7332c
                                                                                                  • Instruction Fuzzy Hash: C6D0C966B1B94BD2EE24A715D980370A260BB2A705FE00034D50DC3254AE2EE556874A
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%