rms | bdba65b52977eb62aba2c7372c1e348d186ff85fedea5aeb12971f6e1463061d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/12/2023, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d0d1e6db6ece466654e6e073d494918.exe
Size

4.0MB
MD5

6d0d1e6db6ece466654e6e073d494918
SHA1

84e969d9a3397c391a6a00cf0dff4cea5eea9749
SHA256

bdba65b52977eb62aba2c7372c1e348d186ff85fedea5aeb12971f6e1463061d
SHA512

9b5109eb4734b51e463693d1e794d9d55cecff5280e1806945142b7445d9d6ca0b5dc02dd7dc120a9b1d59ffb4357e5dfbab852d7bdf2f715e1e8c28ade0f081
SSDEEP

98304:SXz+7xDq3yXD2JWm+NaRpHJomk4l4JTVJHg:aKFqCXD2JOorxk4lWHHg

Score

10^/10

rms discovery evasion rat trojan upx

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
3640	attrib.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	6d0d1e6db6ece466654e6e073d494918.exe

Executes dropped EXE 7 IoCs

pid	Process
3592	rutserv.exe
1504	rutserv.exe
1748	rutserv.exe
560	rutserv.exe
4580	rfusclient.exe
3060	rfusclient.exe
2328	rfusclient.exe

UPX packed file 35 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023206-36.dat	upx
behavioral2/files/0x0006000000023224-52.dat	upx
behavioral2/files/0x0006000000023224-49.dat	upx
behavioral2/files/0x000a0000000231fc-48.dat	upx
behavioral2/memory/3592-53-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/3592-55-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/files/0x0006000000023224-41.dat	upx
behavioral2/files/0x0006000000023224-56.dat	upx
behavioral2/files/0x000700000002320f-39.dat	upx
behavioral2/files/0x000a0000000231fc-38.dat	upx
behavioral2/memory/1504-59-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/1504-57-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/files/0x0006000000023224-60.dat	upx
behavioral2/memory/1748-61-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/files/0x0006000000023224-63.dat	upx
behavioral2/files/0x000a0000000231fc-66.dat	upx
behavioral2/memory/4580-68-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/1748-67-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/3060-69-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/files/0x000a0000000231fc-65.dat	upx
behavioral2/files/0x000a0000000231fc-74.dat	upx
behavioral2/memory/2328-77-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/2328-75-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/560-78-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/4580-79-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/3060-80-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/3060-82-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/560-88-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/3060-90-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/560-92-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/3060-94-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/560-105-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/3060-107-0x0000000000400000-0x00000000009B9000-memory.dmp	upx
behavioral2/memory/560-112-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx
behavioral2/memory/560-123-0x0000000000400000-0x0000000000ABB000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\vp8decoder.dll	6d0d1e6db6ece466654e6e073d494918.exe
File created	C:\Program Files\rtsd\rutserv.exe	cmd.exe
File created	C:\Program Files\rtsd\vp8decoder.dll	cmd.exe
File opened for modification	C:\Program Files\rtsd\vp8encoder.dll	cmd.exe
File opened for modification	C:\Program Files\rtsd\vp8encoder.dll	attrib.exe
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\rfusclient.exe	6d0d1e6db6ece466654e6e073d494918.exe
File created	C:\Program Files (x86)\ProHackInc\NewProduct\Uninstall.ini	6d0d1e6db6ece466654e6e073d494918.exe
File opened for modification	C:\Program Files\rtsd\rutserv.exe	cmd.exe
File opened for modification	C:\Program Files\rtsd\vp8decoder.dll	cmd.exe
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\install.bat	6d0d1e6db6ece466654e6e073d494918.exe
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\rutserv.exe	6d0d1e6db6ece466654e6e073d494918.exe
File created	C:\Program Files\rtsd\rfusclient.exe	cmd.exe
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\regedit.reg	6d0d1e6db6ece466654e6e073d494918.exe
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\vp8encoder.dll	6d0d1e6db6ece466654e6e073d494918.exe
File opened for modification	C:\Program Files (x86)\ProHackInc\NewProduct\Uninstall.exe	6d0d1e6db6ece466654e6e073d494918.exe
File opened for modification	C:\Program Files\rtsd\rfusclient.exe	cmd.exe
File created	C:\Program Files\rtsd\vp8encoder.dll	cmd.exe
File opened for modification	C:\Program Files\rtsd\rfusclient.exe	attrib.exe
File opened for modification	C:\Program Files\rtsd\rutserv.exe	attrib.exe
File opened for modification	C:\Program Files\rtsd\vp8decoder.dll	attrib.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 2 IoCs

evasion

pid	Process
1108	taskkill.exe
1500	taskkill.exe

Runs .reg file with regedit 1 IoCs

pid	Process
4672	regedit.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3592	rutserv.exe
3592	rutserv.exe
3592	rutserv.exe
3592	rutserv.exe
3592	rutserv.exe
3592	rutserv.exe
1504	rutserv.exe
1504	rutserv.exe
1748	rutserv.exe
1748	rutserv.exe
560	rutserv.exe
560	rutserv.exe
560	rutserv.exe
560	rutserv.exe
560	rutserv.exe
560	rutserv.exe
4580	rfusclient.exe
4580	rfusclient.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

pid	Process
2328	rfusclient.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1108	taskkill.exe
Token: SeDebugPrivilege	1500	taskkill.exe
Token: SeDebugPrivilege	3592	rutserv.exe
Token: SeDebugPrivilege	1748	rutserv.exe
Token: SeTakeOwnershipPrivilege	560	rutserv.exe
Token: SeTcbPrivilege	560	rutserv.exe
Token: SeTcbPrivilege	560	rutserv.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3592	rutserv.exe
1504	rutserv.exe
1748	rutserv.exe
560	rutserv.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2132	3064	6d0d1e6db6ece466654e6e073d494918.exe	91
PID 3064 wrote to memory of 2132	3064	6d0d1e6db6ece466654e6e073d494918.exe	91
PID 3064 wrote to memory of 2132	3064	6d0d1e6db6ece466654e6e073d494918.exe	91
PID 2132 wrote to memory of 1108	2132	cmd.exe	92
PID 2132 wrote to memory of 1108	2132	cmd.exe	92
PID 2132 wrote to memory of 1108	2132	cmd.exe	92
PID 2132 wrote to memory of 1500	2132	cmd.exe	94
PID 2132 wrote to memory of 1500	2132	cmd.exe	94
PID 2132 wrote to memory of 1500	2132	cmd.exe	94
PID 2132 wrote to memory of 4140	2132	cmd.exe	95
PID 2132 wrote to memory of 4140	2132	cmd.exe	95
PID 2132 wrote to memory of 4140	2132	cmd.exe	95
PID 2132 wrote to memory of 4672	2132	cmd.exe	96
PID 2132 wrote to memory of 4672	2132	cmd.exe	96
PID 2132 wrote to memory of 4672	2132	cmd.exe	96
PID 2132 wrote to memory of 3640	2132	cmd.exe	99
PID 2132 wrote to memory of 3640	2132	cmd.exe	99
PID 2132 wrote to memory of 3640	2132	cmd.exe	99
PID 2132 wrote to memory of 3592	2132	cmd.exe	97
PID 2132 wrote to memory of 3592	2132	cmd.exe	97
PID 2132 wrote to memory of 3592	2132	cmd.exe	97
PID 2132 wrote to memory of 1504	2132	cmd.exe	100
PID 2132 wrote to memory of 1504	2132	cmd.exe	100
PID 2132 wrote to memory of 1504	2132	cmd.exe	100
PID 2132 wrote to memory of 1748	2132	cmd.exe	102
PID 2132 wrote to memory of 1748	2132	cmd.exe	102
PID 2132 wrote to memory of 1748	2132	cmd.exe	102
PID 560 wrote to memory of 3060	560	rutserv.exe	103
PID 560 wrote to memory of 4580	560	rutserv.exe	104
PID 560 wrote to memory of 3060	560	rutserv.exe	103
PID 560 wrote to memory of 3060	560	rutserv.exe	103
PID 560 wrote to memory of 4580	560	rutserv.exe	104
PID 560 wrote to memory of 4580	560	rutserv.exe	104
PID 4580 wrote to memory of 2328	4580	rfusclient.exe	107
PID 4580 wrote to memory of 2328	4580	rfusclient.exe	107
PID 4580 wrote to memory of 2328	4580	rfusclient.exe	107

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3640	attrib.exe

C:\Users\Admin\AppData\Local\Temp\6d0d1e6db6ece466654e6e073d494918.exe
"C:\Users\Admin\AppData\Local\Temp\6d0d1e6db6ece466654e6e073d494918.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ProHackInc\NewProduct\install.bat" "
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im 4t4t5
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1108
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im g4rgt
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1500
- - C:\Windows\SysWOW64\reg.exe
    reg delete "70t9j" /f
    3⤵
    PID:4140
- - C:\Windows\SysWOW64\regedit.exe
    regedit /s "regedit.reg"
    3⤵
    - Runs .reg file with regedit
    PID:4672
- - C:\Program Files\rtsd\rutserv.exe
    rutserv.exe /silentinstall
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3592
- - C:\Windows\SysWOW64\attrib.exe
    attrib +s +h "C:\Program Files\rtsd\*.*"
    3⤵
    - Sets file to hidden
    - Drops file in Program Files directory
    - Views/modifies file attributes
    PID:3640
- - C:\Program Files\rtsd\rutserv.exe
    rutserv.exe /firewall
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1504
- - C:\Program Files\rtsd\rutserv.exe
    rutserv.exe /start
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1748

C:\Program Files\rtsd\rutserv.exe
"C:\Program Files\rtsd\rutserv.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:560
- C:\Program Files\rtsd\rfusclient.exe
  "C:\Program Files\rtsd\rfusclient.exe" /tray
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Program Files\rtsd\rfusclient.exe
  "C:\Program Files\rtsd\rfusclient.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Program Files\rtsd\rfusclient.exe
    "C:\Program Files\rtsd\rfusclient.exe" /tray
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: SetClipboardViewer
    PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ProHackInc\NewProduct\install.bat

Filesize
864B

MD5
762d397f5115695e6730b5e65171ed5f

SHA1
d0a22dbe480cb9b0e9f7d78fe2d55fcf687b8050

SHA256
86cf30803b8c50f223aa4967878b7521edd2d96c10f02189c12900e96846c459

SHA512
0df80d223c8543156ee5050bd3b80fc96768136912e28f09fc99c57237ee8b9d94e28fe8d0859c5bc588a3b6b77e865dee8e09876cc5795bf9affb7d9a435dc8

Download Submit
C:\Program Files (x86)\ProHackInc\NewProduct\regedit.reg

Filesize
12KB

MD5
2edcbd983afe6216e4f3880bc88cb0a5

SHA1
4a4c0a969960d74c0c7430370dab2dda22eece16

SHA256
cd1de48eb8664eecf2f99a95e2e9c1165657570de3e468117eb00e2ef6f37fa4

SHA512
353005e914bc7799e1c6689c82169d4517e8f3ca83fa40bc5def3328a0b30670e8b3abc933908a3520fc629f04bc6ecbbe7fdef3fe97eb033f8b12623dfecb76

Download Submit
C:\Program Files (x86)\ProHackInc\NewProduct\rfusclient.exe

Filesize
409KB

MD5
cabfa7431a17e514bcb621f6decaab9b

SHA1
5e455d082a51ec28b5c9be65f18eda05f089a42c

SHA256
90c8c966d2c03f4d3b64f3d15fe6ca90bb87f6d228b8d2507a22080870fd27b7

SHA512
f468bf15edd99d82b18f9a7d6f6d4a39aaa437d6b3b5475b5b3744e2bb29ef8cc5ac98db4920e5755dfb4f40cb9e2a764e71e20e587ae2ffda9a9cb4260be986

Download Submit
C:\Program Files (x86)\ProHackInc\NewProduct\rutserv.exe

Filesize
581KB

MD5
ef78b9807c1575ab87e68de73bb237fe

SHA1
389d479bbbf39ae7d47583251d3d59cc33f03edc

SHA256
f902d05cf0f81a951bb04e1e33a78f821ff0d1f57e4ab2633a2ca3fd5de3e76f

SHA512
7d474b7e1a7316ae47a5579236dc96b882e081b6d07b40c73a2190bfc01ba291d58fbe51742a3f1ef7845deab4fb90231ed865555f5efa902eb46615d21d6f73

Download Submit
C:\Program Files (x86)\ProHackInc\NewProduct\vp8decoder.dll

Filesize
179KB

MD5
f20ff5b59a8fe9094d0d87f29625653e

SHA1
2eeb851071e76d888ac2441504271f5803ea7aa3

SHA256
dda082ee8f9f4461e89e27ad9c7e022e96c3e290eff6f161f140123269af2ec2

SHA512
f1002900cacf104141e6fc032090c82a2acb504f9249cd3e93198a05c401c22933c9dd4552161de4103834d96bd5a3e5a6d33b95fb15529d8fe353e2874a28ac

Download Submit
C:\Program Files (x86)\ProHackInc\NewProduct\vp8encoder.dll

Filesize
120KB

MD5
25da32696900eb2eb7e922ad7b506e75

SHA1
c182fcccdfdf329e09bb8c62a6b00dba2c6bf25e

SHA256
675c25e86bb5007517735523f65621814ed18a0db94ef69ae41756b89582995a

SHA512
bb2019b426eb62143bc6467e075902e12140a629605c67671ce024ff2d3d4f9a8bbe6f5cc999bf74d9bc57dd82608260259357c37f7c19bec176d674a31e5cf5

Download Submit
C:\Program Files\rtsd\rfusclient.exe

Filesize
520KB

MD5
e1dc540c8295d8e7bec7e2c8a711bfef

SHA1
eef5d073cccd46caee5e8cd05e205997c0f06a12

SHA256
2bf57084535e3682cd52bc4f1fdbd47761ea5b9bd5ef5a1e0e2662aa5d3854ac

SHA512
5293b296db42f5be65923eeb3e9897a17306a8939fd34e6918107b02dabc82b5cf060d333e2b5051bf249e21ddd9115993abdd3f55f8d7a6ee4f10849a14723f

Download Submit
C:\Program Files\rtsd\rfusclient.exe

Filesize
108KB

MD5
7570adf4b1a8f58370aa47efc068f91e

SHA1
fe072480062d011a9a5b334424743a5560cf17f4

SHA256
c8875c0e3535a295e33ea4cd61cf1f60c7473dd23e2892c9ccdeae0f50ab8a76

SHA512
c3060ffe888665b9b9076a0a152cb1837b94ef969a9698c7b86c316b127ec82a419a42d4e656af8ccbbb55361dad3562639d88fba60d8f0e7658e0d3146850f5

Download Submit
C:\Program Files\rtsd\rfusclient.exe

Filesize
285KB

MD5
db06941194f4058e09f0ed459d60ab46

SHA1
779f20cfcfd0d18af3e8449d7b61f48813fbb416

SHA256
d624c644198a4a393b2f3c90b196fbe167d1faba8ea671e597b85e86193a40db

SHA512
e906cd98af1e2ca0e1e9ebdcb65f9722db612cbf499bd45ab19260f953dfbba9b119f0ae0992b78ba796ec00ee5ebb3d5dba1af0fcb6c4414ceff336d5421fb7

Download Submit
C:\Program Files\rtsd\rfusclient.exe

Filesize
260KB

MD5
c5805b8db176260bc934acd6e8748e8c

SHA1
b82b50a572842e505fafeeb43d2036e7fe78e197

SHA256
8c72e99b6b22f354c94b79e58179384129610f4eb40e19663fc343fcdd4c782d

SHA512
73e09d243de38f0433304a8215b611bf83a57db1e3c98d6b0ecb8f206d059d48251565dbe7e9368788eae9c4cad17387db76c32b70757fb5b527cb87a120b24b

Download Submit
C:\Program Files\rtsd\rfusclient.exe

Filesize
181KB

MD5
85017daefb8d8176132fd1b0b94cf4f2

SHA1
eed58ae9b097470ee60048705160e81656a181e4

SHA256
65d8b518d666416c0fa16c7eb777d6a5c86fd7e8a72016659919115e37af7b9c

SHA512
d8fe9b12a54d9dc69061cf963b70d9d17a06ab9f7dd1f01617668331ce975597e2d33c7e43c57528ad735ad7883e42accd5249c574cfdcdf82cde33cc2fb2ead

Download Submit
C:\Program Files\rtsd\rutserv.exe

Filesize
222KB

MD5
eded3c8c4bbf10e04506e0259f7586a7

SHA1
d167c099c2e3f7134d5330a8a8c175d76c05b03f

SHA256
61ce9fc6772346614a9795ef73986d884bedbcf0b5dd75ee9ea6027f273505a2

SHA512
7c1f057f6ec55a5742cfd15992d3e7dc2f2282c75730537bebfc8a010bad85018e05cdc5614bb76f2a33ad72162053976068f4d063be563e30668e075682fb31

Download Submit
C:\Program Files\rtsd\rutserv.exe

Filesize
92KB

MD5
1e85177a3218518c226d582e06bbc0e9

SHA1
51d76b910743bc333500b860d553c4e81c2c1b11

SHA256
ddea7cf570c543c832cfb8c2068a0fabefeace8683ff9e8d6a2b6dc4cf79d284

SHA512
8291259d8d8ec8f18252931a53b554e655aa1f2338615f0ebdc0ca590015c56bea71c4a9f1ffb9a486a27123abcece2f5399fac95874b72b47b9016eddaa0dda

Download Submit
C:\Program Files\rtsd\rutserv.exe

Filesize
127KB

MD5
8b4832d3e28c726f734189f9179755f2

SHA1
eedd1090a1cff27658d93de3906b9eb05eec7718

SHA256
54ba2f379b1d54ca537fdee334f98f83f8e74dfc4a1ecde4e1181a2b0e9d82d0

SHA512
7e65cce5e7956a00e6055480f9c4b87ae06fa5a30595cbb59b87706aa730490c8902cb9a4cd2a3fa9fd2adcf5e1fcc5444a740debd4221d2927a94e96c072237

Download Submit
C:\Program Files\rtsd\rutserv.exe

Filesize
22KB

MD5
1697e54efd93df3f95feb5bbc71f804f

SHA1
4bd4be9c7d89c9f298560ed859a098aa3788df44

SHA256
bc2fcd2abaaed0bbcaa47b4aa6c6ed4cd543201a9b3757b34524f0a6ad54429d

SHA512
0ca0612330c92024b551e609c032bfb8faf4fb0eb575b7375e6bf68e6baf0db607ad158485b60c376ec9b4d5e720d34230040be741e5a2e9765b80b7ec0cccdc

Download Submit
C:\Program Files\rtsd\rutserv.exe

Filesize
351KB

MD5
4b3cb75f08df69554ba3c33a7631ce4b

SHA1
2499dd027788f7c3fb606b80f0c5c9c73ca1af14

SHA256
a590f2c70bee00a50326b6646d90d8123be34260b012d538c8ecaea0cf071d8e

SHA512
02fe7156ac2698fa2e9f1f2c85ebe03088bee6d15db113608d8246f7dd9a7e52f0924e5f66c1c2a7fb8c71db3d711e2d391ef73edcf8da10cb109a4118f1956f

Download Submit
C:\Program Files\rtsd\rutserv.exe

Filesize
344KB

MD5
52cd956fd5392c508d3b8b25b16a37f7

SHA1
df3f162ed47a638af614ac5fec0bec34cfec69f3

SHA256
b9e299cd412b973b8e84fa2349215de6d77a45f1300cb6f3d01e718935cbb28d

SHA512
9cd8f607288c4f704b7beb4164f09ed83b62a34054edf00589c2c8049e2a63fe3acbfdf8ff46d3851fa99c95b822c60e042d3cfc3c24763badecf8ebf6857f3f

Download Submit
C:\Program Files\rtsd\vp8decoder.dll

Filesize
169KB

MD5
b662e3b3e6196e3afadc2d14fd0389b5

SHA1
7bf707fce8066a8a1abc85cefc0d4fb9c609fd51

SHA256
01d17ba98143ef55bd42862198fd8b20ba799b4210e44bbc428af8ebdbcd1a67

SHA512
33b3bba6cbd647ec22d3dcd8a3a192750ba916f2ff37710580488a5dfe8d8083a90446165ca534c3a9248f6f7a3b73f18a9f22568cfe18dbe6c3ea5278d91bc5

Download Submit
C:\Program Files\rtsd\vp8decoder.dll

Filesize
83KB

MD5
143b4e84863b65ee0b230a56242118c1

SHA1
e1fdfb6e326afb247a88c037d46a1ac56d2562b1

SHA256
9044f8f337c904515559c85b08e8e45ba94c70283f3e7b8c5698b29a0b15cf0f

SHA512
74b141efa0579f1742739814b1fb960b3d1cfe6a635db168d101a51b54ecd6cc55dbbddc2c483ec69139b53b0cc001e80f18819f88c7d2c52bfa5ad8d001e143

Download Submit
C:\Program Files\rtsd\vp8encoder.dll

Filesize
133KB

MD5
cb5abd67057adc764861197a71836674

SHA1
5a13854e2bac1642d4868d1ae05f4b29816da351

SHA256
d0c815ebe19cf14a91cc942532eb395785e72210a925b3d4b7515dbfcdd4e0ff

SHA512
0f86183a3638cd2160b4bff0a8b9b02ebd8f893edc1cdb3a188df2ee9d8490a43cb596f27adbc98c3fd7689d0298350e0312e98651c326dbd62232574ce968f0

Download Submit
C:\Program Files\rtsd\vp8encoder.dll

Filesize
76KB

MD5
a7f1379445e6fdb8ebf98cc38a323492

SHA1
432dcf2e78e891499eebce848f7468429c0e8947

SHA256
99a6f4e6877babc8ee66fc712eb2439e707e676ed4512e36dbf90258f4df4874

SHA512
cb6c027a76198f7c625d0e72c3c28ac139c2bf146bcb9cbea62dfa4f33d1c1804b78cc365503aec64075d8b59151ee7198dd6c387b4d9b6ea37c5b2655073731

Download Submit
memory/560-64-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/560-105-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/560-78-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/560-81-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/560-88-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/560-92-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/560-123-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/560-112-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/1504-58-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/1504-57-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/1504-59-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/1748-67-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/1748-62-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

Filesize
4KB

Download
memory/1748-61-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/2328-75-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/2328-77-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/2328-76-0x0000000000E90000-0x0000000000E91000-memory.dmp

Filesize
4KB

Download
memory/3060-82-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/3060-70-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/3060-107-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/3060-80-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/3060-69-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/3060-86-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/3060-94-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/3060-90-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/3064-33-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/3592-53-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/3592-54-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/3592-55-0x0000000000400000-0x0000000000ABB000-memory.dmp

Filesize
6.7MB

Download
memory/4580-71-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/4580-68-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download
memory/4580-79-0x0000000000400000-0x00000000009B9000-memory.dmp

Filesize
5.7MB

Download