rms | c2bc915e8d7cd7db85562825fd911a3cb2c72e7e846edde152c18d6e236f6ed8

Analysis

max time kernel
147s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe
Size

13.4MB
MD5

7fc38f5d43fe8f667cdeb77271f1a63c
SHA1

b2e560e020f5902792dc2ea5cf16df30c60bf93a
SHA256

c2bc915e8d7cd7db85562825fd911a3cb2c72e7e846edde152c18d6e236f6ed8
SHA512

b591467372ff3a3a044daea47ae491936d091ecdd91a22a0fcfbfd949b7bb044d589f7f54f7fbbedaddc8a5ac5b0aaa62e849618034c9b22dfb10b52e051d6d2
SSDEEP

196608:svN0dTdMShx5GBzSSEGdIBCFucTCreKQay7x2FV3cuvsZIC192LDXz68buR:eaBTmHIBwHL7x2FV32l92/XzhuR

Score

10^/10

rms rat trojan

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rfusclient.exerutserv.exerfusclient.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Control Panel\International\Geo\Nation	rfusclient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Control Panel\International\Geo\Nation	rutserv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Control Panel\International\Geo\Nation	rfusclient.exe

Executes dropped EXE 4 IoCs

Processes:

rfusclient.exerutserv.exerutserv.exerfusclient.exe

pid	Process
2660	rfusclient.exe
1632	rutserv.exe
2296	rutserv.exe
1316	rfusclient.exe

Loads dropped DLL 9 IoCs

Processes:

ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exerfusclient.exerutserv.exerutserv.exe

pid	Process
2232	ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe
2660	rfusclient.exe
2660	rfusclient.exe
2660	rfusclient.exe
2660	rfusclient.exe
1632	rutserv.exe
1632	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

rutserv.exerutserv.exe

pid	Process
1632	rutserv.exe
1632	rutserv.exe
1632	rutserv.exe
1632	rutserv.exe
1632	rutserv.exe
1632	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

rutserv.exerutserv.exe

description	pid	Process
Token: SeDebugPrivilege	1632	rutserv.exe
Token: SeTakeOwnershipPrivilege	2296	rutserv.exe
Token: SeTcbPrivilege	2296	rutserv.exe
Token: SeTcbPrivilege	2296	rutserv.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

rfusclient.exe

pid	Process
1316	rfusclient.exe
1316	rfusclient.exe

Suspicious use of SendNotifyMessage 2 IoCs

Processes:

rfusclient.exe

pid	Process
1316	rfusclient.exe
1316	rfusclient.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

rutserv.exerutserv.exe

pid	Process
1632	rutserv.exe
1632	rutserv.exe
1632	rutserv.exe
1632	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe
2296	rutserv.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exerfusclient.exerutserv.exe

description	pid	Process	procid_target
PID 2232 wrote to memory of 2660	2232	ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe	28
PID 2232 wrote to memory of 2660	2232	ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe	28
PID 2232 wrote to memory of 2660	2232	ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe	28
PID 2232 wrote to memory of 2660	2232	ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe	28
PID 2660 wrote to memory of 1632	2660	rfusclient.exe	29
PID 2660 wrote to memory of 1632	2660	rfusclient.exe	29
PID 2660 wrote to memory of 1632	2660	rfusclient.exe	29
PID 2660 wrote to memory of 1632	2660	rfusclient.exe	29
PID 2296 wrote to memory of 1316	2296	rutserv.exe	31
PID 2296 wrote to memory of 1316	2296	rutserv.exe	31
PID 2296 wrote to memory of 1316	2296	rutserv.exe	31
PID 2296 wrote to memory of 1316	2296	rutserv.exe	31

C:\Users\Admin\AppData\Local\Temp\ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe
"C:\Users\Admin\AppData\Local\Temp\ab331fd318fdc268d79d9bd4a4e01a02292041b70403da4f36fe8f310122cc72.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe
  "C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe" -run_agent
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe
    "C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1632
  - - C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe
      "C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe" -second
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2296
    - - C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe
        
        "C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe" /tray /user
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\EULA.rtf

Filesize
114KB

MD5
c3d7db3461db0dbb8a1d2a937b1d6252

SHA1
35fafe6c6812f20454c709b0a43a21bf7e9f66bf

SHA256
cf8e39ce145e36d672cb2a140b3f33e0a1337975d7840e1d6a1920ce560bba46

SHA512
9759895e5d4f289e6227f65f46b24ad7f2607443bebd9b039f1cf42bd74c986a597d5de4bef70510c4463874a01695ca2f7ccbd231d6ef5316250d7492c48675

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\English.lg

Filesize
58KB

MD5
246286feb0ed55eaf4251e256d2fe47e

SHA1
bc76b013918e4c1bd6dff44708a760496d8c717c

SHA256
64c70065830cc623be55c73a940aa3da57c134ee459afbd983ff17960dc57c27

SHA512
900e670259fb3b5762c0242236ce86fcdd04300407fc4d79959edfed99bbec58b4e10048a2b9ef54e709d00717870bf09c7b5fb2f5fa3cfe844682d2bb36f12f

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\Russian.lg

Filesize
64KB

MD5
ff01d823419a6c243257aedfba479030

SHA1
00d307827b42c4ca7180c52f2f79000bfc274cd3

SHA256
b4fb1ae9896834dae6f20a1d79ca07ce0d6096eff589e2b48f1a5464995e96c1

SHA512
768c5dc72ed3700795fc985f1ebe60906d738471b35aadfc542994d960ff3f4fe7d35b3ebd7134dc3e0e35d8e10ebec4c0f7a382c3741ef87de5783766ad7c6a

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\branding.ini

Filesize
424B

MD5
c15a34733ee9fda863f29b7fecb644b5

SHA1
6bac89ceea9cbc8853acfc591c12b8f955797760

SHA256
13d219b400a096de5fc6eef8bd00be1c9c934819bee64efde4d87fa7458d7762

SHA512
e9095137c130056ac444e137ef7e3daca2097850f87e3c7a5a6103993be9658d850488ea3223a91eac8ef7e901d289c28d078dcbadbda75957366513f93a0012

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\libeay32.dll

Filesize
1.3MB

MD5
4cb2e1b9294ddae1bf7dcaaf42b365d1

SHA1
a225f53a8403d9b73d77bcbb075194520cce5a14

SHA256
a8124500cae0aba3411428c2c6df2762ea11cc11c312abed415d3f3667eb6884

SHA512
46cf4abf9121c865c725ca159df71066e0662595915d653914e4ec047f94e2ab3823f85c9e0e0c1311304c460c90224bd3141da62091c733dcaa5dccf64c04bb

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\libeay32.dll

Filesize
258KB

MD5
f2b91c51f4e73d5bb99db1e4c6db9ef7

SHA1
3b2fd02b92c1be0acb80af2f681c525d32c7981c

SHA256
405dc7669c9d23a14fbc07414cb1f044ef7449addf4ec5dd543fbe1030eacf6c

SHA512
6ae7cc90990890ff5fc49ba7f1dc221ae4063abdbafecd17995825ad557abdf509d72418f8d188d9e7477af0846be98c2f60ea8562d0ff457bbaa89b19db2e0c

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\logo.png

Filesize
19KB

MD5
03baf00347abc3f74b729f93e2058a9f

SHA1
66d44177346c2e29e0ab88a03685a460b0f8ad17

SHA256
16cd765dab99345a23b49f20014a9e722462945be6cac1066e4e4e9d4a1ebb81

SHA512
0fbde857aa34e9e2dfb0f088e18b9ef6db6edb0ffdd9f09c197c9df51aa99a1c28d5d527adcdc47bf39b9322bd03cc9ed2f24bdfd006a61b0dee13f10c1c5975

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe

Filesize
413KB

MD5
90ee69c6622f11a7d46f12604f6ab30a

SHA1
816fed5cfca482661ad6c7811a0f26cd54776372

SHA256
d2c2438fbd45dd48a709a1f9c10819be2720d480629f20b6b17b0f95edee0982

SHA512
9bea925bcc7f8aff68bfe49937556920b3d4184af61ba6c1d51d9e9cd6d5d33f4aceae19c7405ecff6628dc2d1e3faadc4aeb3581048cdd2eeb0a63d1fb15cd5

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe

Filesize
124KB

MD5
1defc774d0622754f626ae46a9d032f9

SHA1
1015743d5eb8eaba5c49ea35aa2c34dbfb162940

SHA256
a5447894f2a8edaecb0b5fbcdfacb582597fe121d1ad07736c6d04ba3ad6ef88

SHA512
d416e1f65d2e61b39006158444f0cadf929fd106c4176b43a5d7bf7025ecd54e916ca91f097a0f040cdab8fe280516071a46aa07cb245b9365eaac08c107ef04

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe

Filesize
1.1MB

MD5
5aa36a193ff7719dea18b8589ade8a1d

SHA1
6daa43e987ea2926efb39100acdf033bf5707536

SHA256
2b0af3b40168fdd220a5ea64d3b4c1068fdebcc14b0391fac1efbc666e59fbcf

SHA512
59357eea55b0b9298b4df5a40a6e768aff0deb1638793a258fded2b8ab5adc7a6cbe0b00004a4f14cbb8a3d7273c7b4f85115943cdb664e3c5fa690b431f981a

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe

Filesize
731KB

MD5
d8e421312b81c73947dd852e61c9acab

SHA1
386b872d21049ba17862b128547558c6ba15f066

SHA256
3c5a82d690acd25be7f513af5fe98c102c0e42004b06e50704cc6bae8a6ae68b

SHA512
faac9cb0cf801e994df3a0129573adc84c26682662c25b82691811257263fd927a6e85e88ff5aa85c7b8ef6c4f6cc449f3c6d13c2b776baa8f698f5d536df7a4

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
1.0MB

MD5
1114c18a5722dcf21bbe4dd8fe78ebc9

SHA1
a3d4ce3adbf31b93a3f57e681c5cc3fd0b36fee9

SHA256
7eee291a9816c2428db77d6d501bfb9e6e2d79c788fa0953ba781010212d2ed9

SHA512
d3aafdab5f27b40135ab48b3aa3aa9fa60f5b62b302c8fa96d9730e40dd6bd010560a921fe7a027d132b2eed38a3bbe46dbbcc008c987df504a459da2046c3f3

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
496KB

MD5
df75614b32426e0e19204d1a7cb5b15f

SHA1
ebf626a591e0fa98db8adf0e1bb177233102f57e

SHA256
dfcdf94b11c28314d09a9ade899225a13963afae508cdbc40eac797aeaaaeb91

SHA512
14dffc046342de21eb530b8294132bff6468ffc03473e1d24a3d8a7191d559848c7a8f6097dda8f4f9b6e6b814f191c39ab31893a0eb4689b6875d4e140c6ac8

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
465KB

MD5
018f2fe87f3f1371455e5162323c6040

SHA1
f8a91780e37459809e469ae773d63d6e40537af9

SHA256
febc21310f6a013c6f117fe1ad74a93fadb71e8a5a24bbe79d5c09e773dde75d

SHA512
e3fd6faa568879df33d40d2a1d04ecc3dac95f14df7d90382d0e9144e78b1e8304dfb8120e439e5a788ed8bab8bbf3fd522b6955c2dd0773313233a5aea12e37

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
494KB

MD5
aae7c7bbcfbc86f8bc622f30f9325269

SHA1
85bcffbb54bb61c60376c2a685502f069c85c668

SHA256
9da15a25fff67e8cbf664023077f301e0721d23428705b72de83a0ece2ef9c23

SHA512
14512a9b64d3e53350b53c541b19f2d1323b554d6428c1bf15ef2a9fadaa8b1a66d15ea6bef20df6542c9c0a052f838a64070bda4c851f71ed2fc226739d93c6

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\settings.dat

Filesize
1KB

MD5
21c00d0d153fe3926feb34a37b46cd2e

SHA1
b3e51cd8a5aa456ee92d095cec48ebd58bbd1ae9

SHA256
42b819c121cebec6160ac5b13ffb8cddd63d1d1f43a8abaa3878062fd2b130ab

SHA512
3e1732dedc97385babd1de5b950f59a8ce91f1cd83a568c6171e510dd271f6546fa7d84128c96bccbade40c9c8f0d2870a1aa0df6837a4432accff3f731ad66a

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\ssleay32.dll

Filesize
337KB

MD5
5c268ca919854fc22d85f916d102ee7f

SHA1
0957cf86e0334673eb45945985b5c033b412be0e

SHA256
1f4b3efc919af1106f348662ee9ad95ab019058ff502e3d68e1b5f7abff91b56

SHA512
76d0abad1d7d0856ec1b8e598b05a2a6eece220ea39d74e7f6278a4219e22c75b7f618160ce41810daa57d5d4d534afd78f5cc1bd6de927dbb6a551aca2f8310

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\vp8decoder.dll

Filesize
380KB

MD5
1ea62293ac757a0c2b64e632f30db636

SHA1
8c8ac6f8f28f432a514c3a43ea50c90daf66bfba

SHA256
970cb3e00fa68daec266cd0aa6149d3604cb696853772f20ad67555a2114d5df

SHA512
857872a260cd590bd533b5d72e6e830bb0e4e037cb6749bb7d6e1239297f21606cdbe4a0fb1492cdead6f46c88dd9eb6fab5c6e17029f7df5231cefc21fa35ab

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\vp8encoder.dll

Filesize
682KB

MD5
9187329ce2dc7d45c68d36aae3833560

SHA1
06f3da841a8595577405d41a9bbcefb52b4860d6

SHA256
df3bd27f858336abf4653879dc837dc8c3a4d9554154cc8d6fdbaa58e3fc2ea0

SHA512
f3c99fd43028ffa49425f96a5b3c4f921174df0e1da8ac94cd347adcefcfb6743c16df8e8c64c884b117aaeb537ddb9f5dec29c9e15ff7a29d6415446301d879

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\vp8encoder.dll

Filesize
805KB

MD5
1778701657e8017f272c315331aacc62

SHA1
5e9e04847c26f8e786ed93c7dc073a188c349107

SHA256
6034442ec9c95fa29d76e3fbeeb139e7b6122e3d1e3237d1aaec3f7b9b758f8a

SHA512
0c91d1b27a74835a9773f30208d9e10b2d9fc88f793f45ce6d0a3883511d38c0cb85e0b254114c199aa67356a11ee2af7cdf6dbe6384280949c9aa6227d5a7a2

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\webmmux.dll

Filesize
260KB

MD5
d29f7070ee379544aeb19913621c88e6

SHA1
499dcdb39862fd8ff5cbc4b13da9c465bfd5f4be

SHA256
654f43108fbd56bd2a3c5a3a74a2ff3f19ea9e670613b92a624e86747a496caf

SHA512
4ead1c8e0d33f2a6c35163c42e8f0630954de67e63bcadca003691635ccf8bfe709363ec88edb387b956535fdb476bc0b5773ede5b19cacf4858fb50072bbef5

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\webmvorbisdecoder.dll

Filesize
365KB

MD5
7a9eeac3ceaf7f95f44eb5c57b4db2e3

SHA1
be1048c254aa3114358f76d08c55667c4bf2d382

SHA256
b497d07ed995b16d1146209158d3b90d85c47a643fbf25a5158b26d75c478c88

SHA512
b68fa132c3588637d62a1c2bce8f8acc78e6e2f904a53644d732dc0f4e4fbc61a2829a1ac8f6b97fe4be4f3613ef92c43e6f2ab29c6abd968acc5acd635c990d

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\webmvorbisencoder.dll

Filesize
384KB

MD5
215d094a4e8f2155dba0dc3ca7494b36

SHA1
1c85e094127949c60a859eadb74179551506fb14

SHA256
e7f6a9bcdf0bb1273e603a8504c2fbe9820d788e2df6c6892a7d623a4e63e522

SHA512
7821457356b8402de4e9fc3d58c07112f69fb707129d6de59243c244f8c62fd4be1dec279767e2c74c7a76334cc01bf33dadd11abbbf390659e9f0d701191be4

Download Submit
C:\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\webmvorbisencoder.dll

Filesize
860KB

MD5
5308b9945e348fbe3a480be06885434c

SHA1
5c3cb39686cca3e9586e4b405fc8e1853caaf8ff

SHA256
9dc30fb2118aad48f6a5e0a82504f365fe40abb3134f6cceeb65859f61ad939a

SHA512
4d7f08dc738a944bcee9b013b13d595e9c913b248c42a6c095cbdfc6059da7f04cca935841ff8a43687b75bdc5af05e888241e52ef594aa752ba9425cf966412

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\libeay32.dll

Filesize
173KB

MD5
c5ad47b1eda2880cc89664d7e4ca86e4

SHA1
500839cb4a0a946a5a4b80484b8e56dc666cda45

SHA256
ebcdacaaf00f508a9b4c54d7b7ce210dca089567504d7229d017eb6eac753988

SHA512
5cd6fd0848c9220a1b853dd887f02a3c0b36a745bcc031863bda6d9bb2ceb24a0b6f62df6eb3d77556373cc41d5b02335ce195170146866e26b3f146bb425abb

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\libeay32.dll

Filesize
482KB

MD5
01d88b3966dc19a76b3a96f9851e4853

SHA1
86ce8f81e315866b8841e7049ad4089eb92db8de

SHA256
a5b64619cd1496a4d0022764819cd0dfab55504fea77f02a04e250fe64d64bc0

SHA512
7199124099d00d8dc20894951b3d2f9f6820623d00d306e4d43e907852d83b68d936ae04b0d58318ce579ca60499006e4cff6fb95ea070a69c43f32a23c8f7a4

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rfusclient.exe

Filesize
664KB

MD5
71192cd29d9306712a640ef76f6674bc

SHA1
e0a02581c43bc8b9203686140cae6c966c821c1d

SHA256
32540b1357baa7bdae9c757fc4d1c5bc997ac60deb0ce6c145eebdf14dd743f9

SHA512
9d26f2fca851c1bf5c81990893415c13a7e0b93c32142359dce21790f820ddccfcf9e6002dc3d0a85458e8ea3439013b85106aaf7588cc8cae7a2057f75907b3

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
485KB

MD5
2e8ad7f91f5688f02e2c2cd9c10e2859

SHA1
fdd82fdd79d077e186002aa61eae6655ed6fdc72

SHA256
669c780e69f02e8378397ae451fe5b0503ba4ced892088aacd9dccbba8df3588

SHA512
002ad4f528810b52bd7758401d9e2d0dc182a76a6bb66cc485ad6ae650939af973d27c0037b887cff6da897c41bbfd433825a91d5d654e41963ca6884c02fa7a

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
474KB

MD5
240f8d7a888df9039d5502f7cbf43a20

SHA1
573edb832b33ec41d0f79d61733b65389520c812

SHA256
6163e296e13d0a681eb72100a598e99ed30650a0c64f3cecd36551154aa39979

SHA512
aa201be749a7d236e35196eb55e56425670978cd9569fbcf8b026bb5aa823de93c41962945d3bce211b2dd8a476397fef7771f8f2953282f42d4315ab2d6b1e1

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
685KB

MD5
1886d4dced3d161081a2726061f555d1

SHA1
686936d6c28d56bd6267bb7e8a697b6f4984fe58

SHA256
538ba69e432ce2de1e30bc0e3f8e4b456415ad8b86bcb5121b41ee2eb05bf9f0

SHA512
e17c6d9f6e13be0a43f184c7ab9499e63b8466d48a3a3e628409b6d1ddccee87bbcfd2c25e17d2c838b57a9bf209e4bdd9c6612c21cfb5bd8fad85655dc616be

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\rutserv.exe

Filesize
622KB

MD5
008315873b55244cd4d9be787021a4ed

SHA1
449ae481019161e3e391b33e5d0a400132b8b40e

SHA256
2a7b7b0f46a58bd1e6795d555f19c640b0a608f2d0cb20a0f5d32e4f8a998b15

SHA512
e05b0a61fdb9781b872ef1e22bd569fe54d7f34fb05d19968d3f5c01e4df2e4d4771a06e8c7c4de4c50bf7ad22f1ed7a8f02b6514a0afad169c71a606a55aaaa

Download Submit
\Users\Admin\AppData\Roaming\RMS Agent\69105\699DE852C7\ssleay32.dll

Filesize
324KB

MD5
72eb69bc5ce55038c21dc56827535989

SHA1
2f35ee0d34f15a4e3a45c0c0402433c24e606abd

SHA256
fbb236d64143fed364b7a59d788fdf2eb7d5d69e10e6e9fa6014032325b25c4e

SHA512
9bd1a1708466c936ecc71d310d5dd1918dae9d1704f52c6d3b583d03cd1002970996ec1d1e8271e82aa2120abe4477e83ca9b5f46261e4cea1b585fbbe94a0a1

Download Submit
memory/1316-146-0x0000000000400000-0x0000000000AD6000-memory.dmp

Filesize
6.8MB

Download
memory/1316-151-0x0000000000400000-0x0000000000AD6000-memory.dmp

Filesize
6.8MB

Download
memory/1316-121-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1316-143-0x0000000000400000-0x0000000000AD6000-memory.dmp

Filesize
6.8MB

Download
memory/1316-138-0x0000000000400000-0x0000000000AD6000-memory.dmp

Filesize
6.8MB

Download
memory/1316-135-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1316-133-0x0000000000400000-0x0000000000AD6000-memory.dmp

Filesize
6.8MB

Download
memory/1632-90-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1632-99-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/1632-95-0x0000000004A20000-0x0000000004A21000-memory.dmp

Filesize
4KB

Download
memory/1632-96-0x0000000004A30000-0x0000000004A31000-memory.dmp

Filesize
4KB

Download
memory/2232-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2232-81-0x0000000000400000-0x00000000011EE000-memory.dmp

Filesize
13.9MB

Download
memory/2296-136-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-120-0x0000000005930000-0x0000000005931000-memory.dmp

Filesize
4KB

Download
memory/2296-139-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-119-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/2296-118-0x00000000058D0000-0x00000000058D1000-memory.dmp

Filesize
4KB

Download
memory/2296-117-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/2296-114-0x0000000005630000-0x0000000005631000-memory.dmp

Filesize
4KB

Download
memory/2296-115-0x00000000055E0000-0x00000000055E1000-memory.dmp

Filesize
4KB

Download
memory/2296-128-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/2296-131-0x00000000012D0000-0x00000000012D1000-memory.dmp

Filesize
4KB

Download
memory/2296-112-0x0000000005430000-0x0000000005431000-memory.dmp

Filesize
4KB

Download
memory/2296-132-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-111-0x0000000005410000-0x0000000005411000-memory.dmp

Filesize
4KB

Download
memory/2296-125-0x0000000005C20000-0x0000000005C21000-memory.dmp

Filesize
4KB

Download
memory/2296-174-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-124-0x0000000005B00000-0x0000000005B01000-memory.dmp

Filesize
4KB

Download
memory/2296-142-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-127-0x0000000005C30000-0x0000000005C31000-memory.dmp

Filesize
4KB

Download
memory/2296-171-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-145-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-150-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-98-0x00000000012D0000-0x00000000012D1000-memory.dmp

Filesize
4KB

Download
memory/2296-153-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-156-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-159-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-162-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-165-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2296-168-0x0000000000400000-0x0000000001121000-memory.dmp

Filesize
13.1MB

Download
memory/2660-89-0x0000000000400000-0x0000000000AD6000-memory.dmp

Filesize
6.8MB

Download
memory/2660-82-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download