rms | 409ae5318680c727dd3c22ccffb9be5ce959e1763360272e7357812c46c6591a

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe
Size

4.5MB
MD5

87c178909c60f42c73b7bdf16363112b
SHA1

d3b814dd306b5bd180a5f7c2ec529ec2310eaf7e
SHA256

409ae5318680c727dd3c22ccffb9be5ce959e1763360272e7357812c46c6591a
SHA512

809f8f9c0c4dcc5a75b00efed6f37c46f64816d72472ab8b9138ec8cc6dd2cf28569c4fdcd0dff0f35bc65adef15e728e4d5f750516ee70d9bad434a02cd8948
SSDEEP

98304:Vs2AhwkGMEOOgkOajllnEOUxjNRDBcFEyftigCgox:VVAWfOSlp9SDBWfMgCga

Score

10^/10

rms rat trojan

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rfusclient.exerfusclient.exerutserv.exerfusclient.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	rfusclient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	rfusclient.exe
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	rutserv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation	rfusclient.exe

Executes dropped EXE 5 IoCs

Processes:

rfusclient.exerfusclient.exerutserv.exerutserv.exerfusclient.exe

pid process

2392 rfusclient.exe
844 rfusclient.exe
2632 rutserv.exe
940 rutserv.exe
2148 rfusclient.exe
Loads dropped DLL 7 IoCs

Processes:

cmd.exerfusclient.exerfusclient.exe

pid process

2452 cmd.exe
2392 rfusclient.exe
2392 rfusclient.exe
844 rfusclient.exe
844 rfusclient.exe
844 rfusclient.exe
844 rfusclient.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

rutserv.exerutserv.exe

pid process

2632 rutserv.exe
2632 rutserv.exe
2632 rutserv.exe
2632 rutserv.exe
2632 rutserv.exe
940 rutserv.exe
940 rutserv.exe
940 rutserv.exe
940 rutserv.exe

pid	process
2392	rfusclient.exe
844	rfusclient.exe
2632	rutserv.exe
940	rutserv.exe
2148	rfusclient.exe

pid	process
2452	cmd.exe
2392	rfusclient.exe
2392	rfusclient.exe
844	rfusclient.exe
844	rfusclient.exe
844	rfusclient.exe
844	rfusclient.exe

pid	process
2632	rutserv.exe
2632	rutserv.exe
2632	rutserv.exe
2632	rutserv.exe
2632	rutserv.exe
940	rutserv.exe
940	rutserv.exe
940	rutserv.exe
940	rutserv.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

rutserv.exerutserv.exe

description	pid	process
Token: SeDebugPrivilege	2632	rutserv.exe
Token: SeTakeOwnershipPrivilege	940	rutserv.exe
Token: SeTcbPrivilege	940	rutserv.exe
Token: SeTcbPrivilege	940	rutserv.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

rfusclient.exe

pid process

2148 rfusclient.exe
2148 rfusclient.exe
2148 rfusclient.exe
2148 rfusclient.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

rfusclient.exe

pid process

2148 rfusclient.exe
2148 rfusclient.exe
2148 rfusclient.exe
2148 rfusclient.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

rutserv.exerutserv.exe

pid process

2632 rutserv.exe
2632 rutserv.exe
940 rutserv.exe
940 rutserv.exe

pid	process
2148	rfusclient.exe
2148	rfusclient.exe
2148	rfusclient.exe
2148	rfusclient.exe

pid	process
2148	rfusclient.exe
2148	rfusclient.exe
2148	rfusclient.exe
2148	rfusclient.exe

pid	process
2632	rutserv.exe
2632	rutserv.exe
940	rutserv.exe
940	rutserv.exe

Suspicious use of WriteProcessMemory 23 IoCs

Processes:

87c178909c60f42c73b7bdf16363112b_JaffaCakes118.execmd.exerfusclient.exerfusclient.exerutserv.exe

description	pid	process	target process
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2936 wrote to memory of 2452	2936	87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe	cmd.exe
PID 2452 wrote to memory of 2392	2452	cmd.exe	rfusclient.exe
PID 2452 wrote to memory of 2392	2452	cmd.exe	rfusclient.exe
PID 2452 wrote to memory of 2392	2452	cmd.exe	rfusclient.exe
PID 2452 wrote to memory of 2392	2452	cmd.exe	rfusclient.exe
PID 2392 wrote to memory of 844	2392	rfusclient.exe	rfusclient.exe
PID 2392 wrote to memory of 844	2392	rfusclient.exe	rfusclient.exe
PID 2392 wrote to memory of 844	2392	rfusclient.exe	rfusclient.exe
PID 2392 wrote to memory of 844	2392	rfusclient.exe	rfusclient.exe
PID 844 wrote to memory of 2632	844	rfusclient.exe	rutserv.exe
PID 844 wrote to memory of 2632	844	rfusclient.exe	rutserv.exe
PID 844 wrote to memory of 2632	844	rfusclient.exe	rutserv.exe
PID 844 wrote to memory of 2632	844	rfusclient.exe	rutserv.exe
PID 940 wrote to memory of 2148	940	rutserv.exe	rfusclient.exe
PID 940 wrote to memory of 2148	940	rutserv.exe	rfusclient.exe
PID 940 wrote to memory of 2148	940	rutserv.exe	rfusclient.exe
PID 940 wrote to memory of 2148	940	rutserv.exe	rfusclient.exe

C:\Users\Admin\AppData\Local\Temp\87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87c178909c60f42c73b7bdf16363112b_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\install.cmd" "
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\rfusclient.exe
    rfusclient.exe -deploy
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rfusclient.exe
      "C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rfusclient.exe" -run_agent
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:844
    - - C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rutserv.exe
        
        "C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rutserv.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rutserv.exe
        
        C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rutserv.exe -second
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:940
        
        C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rfusclient.exe
        
        C:\Users\Admin\AppData\Roaming\RUT-Agent\65005\A01A642690\rfusclient.exe /tray /user
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Arabic.lg

Filesize
43KB

MD5
8e66ace6092bd48466784fec9bc3648b

SHA1
98ae43d49ebcc409d704b4bd6a3a3b2c508046ec

SHA256
4dc45baa86597a4c3d08b8297a7cd621e57089390837c3b1ef875393b34d2bf6

SHA512
cccf9e14ff4d35b0f08b80a5ca8684b5feaf2677769154ff5e9a9122683787984750913768605375c1bbe23c20ff88e0193aa62dbd5bf1a738b759f44438ca48

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ChineseS.lg

Filesize
33KB

MD5
1b1fb5d5b3a34199682b381826128d10

SHA1
49862566b76aab47e365bcdf1993b3c542fd0a2d

SHA256
0137cc6245a8dcf82c1b8100fe2c90ecb19ec263f01009082885b07f125540ea

SHA512
d8e207e5a912e4e4f4b874abbd14362d6806941066f5a78283fa47543a73947bf786e4b119c8557c9b2093a32cb465a6db314fdb0aaa1e412c1ddfd0fb850dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ChineseT.lg

Filesize
33KB

MD5
a5de798ae043119dcd1f469ccaa93d83

SHA1
8cbf1b02f0c22eef305b1a00f2cf06fcc2d1e107

SHA256
d47fe430e4414f1285f67d93ee5ec1b6cb5f8c89b126b5558f97165579018f45

SHA512
87816f770a0d8568dc68d939e1504ba6156e643e560c4b8f610e143b7bbe7d729c4b0f6595cdc2f6e3fa1aa8fc4334aa6192a2d78a6e467b429c12025a63f7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Czech.lg

Filesize
47KB

MD5
9f2fc2133731272cbf022300b3cb32f6

SHA1
7632ee3a7b329d7c509298c298a61c2532701ed0

SHA256
debf4286d7548ec59eccae0d86d3e735b14a895d85e3efacfe3b37e94ebb4316

SHA512
58577a50e405b556e42351e35a02d3fe536f032c52fe4682d5e4fa7d4fe0abd60d02ca513672fd9bd54046e840c2d7e964b90ee322f9a59906b29e1fdfbc7075

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Danish.lg

Filesize
46KB

MD5
1760c67e9e696c2a21efc2e6af49fd87

SHA1
f0d9317093b5d90a9721bf08689c427e79081f05

SHA256
1dd3dbe1bc8a0fe7bf63abbdeb78f5e8fd86b3e03f23495cb4ccea79308e7cae

SHA512
cf2595532a285c617dc5333928d9217ebc0e4c06c1f28f742b29ec3ee9cb3d55fd86d612e99540dc4c59e2c6d094027efa3879333d846647d8445f76fcb0bf81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Dutch.lg

Filesize
47KB

MD5
c5b854838dba2e259b0216a89ce8d50f

SHA1
863442944210d40654b336685a51e8542b95c56d

SHA256
8a9475ac44cda25fa749b814cbe5c2837326b8f1565e0dfbdbf79cd6bfdb99be

SHA512
cf6b92e67299b329d2f15525178e8c13f088570d75c484b4986834d5078d962c49f5387554ee7cfc3484cc25921f32282a230fdddf40d2e857d8fd9865205789

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\EULA.rtf

Filesize
46KB

MD5
bc60f3fd1fa28d15ebafcb8d7808abb4

SHA1
8f4ca7015162d72e689971ce3306ba38c433b357

SHA256
cd29ae2ac8e6d19e23ba9f4578e2b8085ff53baf2e5085cd58e83b100c236df5

SHA512
0deb259f5d8d339b4c6bbc5e5a8adca84130b2851ac781ccc5f1d7f391028f1bfaa5fa1c35b09a32137c84c355a6cb8045b3c4371b9085e1d8861ed2eb7d89da

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\English.lg

Filesize
51KB

MD5
b9cbc2c695c98c1db36fb0a70d7659fa

SHA1
720d03fdc3661bbbff1aae04ff45fe183ce8f0c0

SHA256
9c33c7021de668c3752a12097af14869ab9ac18c75802562ab29b001a3d1037a

SHA512
95de152b9040265232a26c316009e53ab1664584cf711c9ae0fe34f79986842ed00b68a0f5f87272c67a7dde68ae2aa9e6f45aecd69d2f33fb5d67a934aa7c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\French.lg

Filesize
49KB

MD5
84d6b9987b7e52e32cb230856df57487

SHA1
0f544792675ef0993022768594f2c8b051dfd83e

SHA256
c771abe02aa0a0d6cbe37ba09b62ba4ec17195c85c2f11af13555c48afa5fcd2

SHA512
9273923c2e4545a2f48f2b00c3f22f7426a523a6347f63ae066b828b6d853de4791a143043714e388ca1b7fa40ad2c0809dd3041dcb5e36c007db90d7b9bf6e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\German.lg

Filesize
48KB

MD5
14d228712681b346e3910d72ad337d0c

SHA1
e13b71686e0887d3cfd6a6bacbe0e8c345f2602d

SHA256
e5358640906c61b3474a6cf803dd967d0e3c576dfd6368646f6e09a5acb4a431

SHA512
3b3c9a1760a1042295f529344d0904f08edee43d1ac946e04eb55e49c767b1bb90da7edad5d51868842c6624efd5c741227b7a3794bcdf3769870c075242fea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Hebrew.lg

Filesize
40KB

MD5
f1c253bcdb334df95b4016f0994fc172

SHA1
c4185b62278dcba8fed32f4c9ffebb1b0b91daac

SHA256
a6623f691d947be4327b53662af986827aeeba497a07cdba5224402ae55b5fd9

SHA512
3868ca19f158dc4c4feeca67940b9b82db042d9f80bb3336f4ef027f5588dcd598eb7d007dba63020266a347b438694f2467502f60fe776a84857ca5b939d05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Italian.lg

Filesize
48KB

MD5
62bae9a3b61257771bc4487774d03392

SHA1
cf64d7012fdbb662257508a9cab7b77808c78716

SHA256
01ba730325b4807b877ca64db8aec1fc261cfd24b6cee0b55519194d29f2da98

SHA512
2b29df2eb014d26644c5c4d60dc3c11a122caaa0119a266b560b111987695e2fedcd1e19e9aa2eec30eb303688d0ab9e2602536845cabbeda652691866ed77f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Japanese.lg

Filesize
37KB

MD5
219c07808c3707ea123d018f48b1046d

SHA1
c82cc84ae347640d1ae16cf774c2ce04f7bee8aa

SHA256
ba275f68ccf0634cf5038ff17cc90748fe3a336c82cc5bde856a10efe4632e9b

SHA512
bd4fb22e4acf8223ae3f3ff1a7498310f3494efac2236ce88595288727b20cc6e174681926b11cf70353d1ac4ce7210fff1ebfc8c36f2e89fe56946d0a1c7b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Korean.lg

Filesize
36KB

MD5
6a02429f647df9b53fb7fa02e289da75

SHA1
2ad17e95a4b91f36a9eb22a98a9fdbac96d602a3

SHA256
84f90a4dde8abfb48f1b6a2601952861a85df0cfb2ae1f2e27435b47534a8f06

SHA512
8cddaf8fc1782769875fe21e1070085c85773ff84ce2fe51bbdc1f8f8577f4ecdcc1d92c93f5cb4c2bd3478a8d1aaf28b5e2e120ecbbd111f91348e66d5c01eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Norwegian.lg

Filesize
45KB

MD5
b0b9aac2125db5ea4b06623900e2e8d6

SHA1
095b8f9326d53ee7d14758c1c0810fcd6993cab3

SHA256
6e3cc5e24337846c660cfc1e5e2e7ec18a5ec94702dbf1f8ae253fd00a1b07d9

SHA512
feccad04b242f33a91d1fc311d495c41cf922f7ed91b922e8d5dc0c28ba77c29e2e81a0ebf8c6d0b4e3e91fc397f01bec8eaf277ad6a8cfda064fc9cb520aabf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Polish.lg

Filesize
47KB

MD5
1c11ddfdccb34efe5fd3201a90b09ffc

SHA1
28421bc35d3d3eaaf10000da6c06e4982ec1acc2

SHA256
c0aa8df31b4f8e796a140159201b6809de077d58bafc6515c368f03cbacc5954

SHA512
b4b1da92e9ae5a0d560887b2cf9bfd1373ad5fdc94e173c1002de7c6dd57995c408d4f658b6c22aa9060b582812531901fcb0c7b212ac49aadcd91b1ae5f02db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Portuguese-Brazilian.lg

Filesize
48KB

MD5
f768f95e49c7092e16b0f19b328fe57b

SHA1
8b70ce67074862c79e61cba15f7bffea53d8632c

SHA256
d6c19126bfcea74dd5525ec13cfee394f8124cf3a1af34a84d443d6ea824d419

SHA512
0388775b4ff9cd7c1016d92b938a58e94073ccdb3dbc91d1fb0c1bb38ba74e8e367140090adf510a2bd423924f65c3ab94d497d66f5972d9aecfb1c50b47a6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RIPCServer.dll

Filesize
147KB

MD5
5236fc713d1fd42567d5331ff83ff5e6

SHA1
e58c652a57833cdb04c548149a146a82669edad7

SHA256
c1a4af23df4b4630014e7e01704e61b9031fd78eda9352805a56d3e729b42929

SHA512
45dbe59693e12a20a8b96c43c6b23e08077dabba332512678d555da8b3e6524a31e0a1a11fa237992a1576b16f7ac3e4c8ce059cf8620143276a367a2cc7e877

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\RWLN.dll

Filesize
979KB

MD5
999b47021c31f1b2a7220c04192404aa

SHA1
79801d2556cd3efc4fee562dae1a17768d04ecd2

SHA256
36dde9f3025b18313008b95afbe4dfa5359eccef81b5692b69b14a135e844a2a

SHA512
18a325af8d293c8e607757d4aa33f5d1b8709372821bfeb322d9e85a5493fd7446988837d89b1311fd86b58f7b6992b8fe9e7954d0e961545fb0cd9cfa0b58b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Spanish.lg

Filesize
47KB

MD5
72dbf6cda53dd026be0ca832806643cd

SHA1
7a884b324ef4b48d9429f7c3f255f0e27d998028

SHA256
bf08cecf114a34535c1b06df9675eb8d6b8ce56d925d1d536cb2c3edaa07dcd0

SHA512
a6c2bdc00d6447aa234bc6c8b65dc3d2214e26d2fd5f6f07cb5db63ce1c4d4a06824743c3239eb60555a488c10735239892ec6658a358881326ff5e57f42603f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Swedish.lg

Filesize
46KB

MD5
7f79e44686ec67fa03f5eb2157be0e95

SHA1
b0788205f8e134d4d8bf8b9510da4fdf71f203ed

SHA256
d080ad158a8b083ddccb18f9ea5177bc5da11ab01112b04b14ef3917f8f53d9f

SHA512
f6528df47bfce981ab8a54e617111667cf10fb39022e05c2718fa767503316b89379319c8a535d7342f47342b470dd739c5f4bd2da936d2e59b63ff7a2c6742a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Turkish.lg

Filesize
46KB

MD5
2099795cc874ddb6bc22f34f1f6ff8f0

SHA1
fa423d8db42d6dabe58efacc6bd38bf6b9a25800

SHA256
beeb4409dbb580bf5246b2a5739b253513239dca62621a1c9e92041cd223bca0

SHA512
363a7ff773de9ce898b98d8c666e5b66f4c59acccbcfeed5ab313b7506f59c1d554345cb492fbe720e187ee8a6f8205ce6e34808663a0cd1383f3a88c9e9ba73

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\install.cmd

Filesize
25B

MD5
9b7ac054975f8f7b6fe9a41a18e2d6e7

SHA1
d820008d3732f37a7e4030c4bd414e3764de1af7

SHA256
815255a94853b2677f84ad15ff188f66a7e1ccd700bc7bf94afa05e2f4992255

SHA512
806d3161399eef58c87e7a14b850641c025bd0bfd98b827a16c2323402fc67a11db0b6714887d4a3be029f383ba9bdb75993b86d406208bc295b63f15f969cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\rutserv.exe

Filesize
8.2MB

MD5
5eb2db34d31b29db33049a3e481691c4

SHA1
05cd05495614f34463d40bfe72341e7141fed12b

SHA256
7f499c0a9d6dda63c4e8e0d37f8e8ad996e6042b6d3d09a13f9e3e66373793e8

SHA512
55e6ba66811761c5f246a657b008f0c1b38320b7f883411c323829df197ea8c64b7495301b995a6eb67a7132faff36f9dbacfe206314ec4d2670cc2cd89ea538

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vp8decoder.dll

Filesize
381KB

MD5
db341183e1224abf99eac3094adfb456

SHA1
a899f5156692ae2389d034d27527d790f093843e

SHA256
12d3367d85227176305661fb218c2e16d1d9eb44f5cae0d3278852671feab9a8

SHA512
7bdd3ffab318ca44949299a384dadf3b3edcaf0950a2f1f60a001a7be5509e9bd43d5f7ac539c6d802ad50e76b9c1a61d007b089ad43e51940b2b650b899fee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vp8encoder.dll

Filesize
1.6MB

MD5
2f0ee2662d890f999afd2d642dabbf03

SHA1
0919e17a73b6d4a065406057e2a5f90b6a33c78b

SHA256
d73256de77b9175e61a879d427821575925b4c906becc0951cc4b4ce8080dfb1

SHA512
12aa9018797237b02bdda8b70e873d93a96756a15ebb0b55532b168bf08e52d2047a07df50baf4eebe3854d7a347af723064d1c58e2fc93ea011863d8c0e8859

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\webmmux.dll

Filesize
261KB

MD5
603e7f3aa5cb17e60b243514ad2d88e5

SHA1
3a9edb2075eede21125a4e5f6550c1d99476f57e

SHA256
76617176e21d3d97b0141f06240600d3ba7388453103e52e2255b151283c3d26

SHA512
00d667e59e14da5a05155239fdc6587960c40cca871a8642195e5363938c1167b04c0c9b1a11858dea97d9844e94c5530380a3cbf44faa92f5c64da1a25159b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\webmvorbisdecoder.dll

Filesize
366KB

MD5
723fba3735a3aa043af97f23146e2c30

SHA1
bd9ed3fc278f1cfa6e11fb06db5543f7ccf31978

SHA256
713e711686a687468a8ebae60bf7c2c42390afae806e608479086b128dd7c195

SHA512
28fd8327d70926bc9a9c6c9f18c82f53a477745e2cd3ca1749cdec71058d6ff8a9592062d4f115559b4eb64e07027339bd51cf4d599cde57c009909b46d12161

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\webmvorbisencoder.dll

Filesize
861KB

MD5
81a002118267fcc903e3cb6c1f65a614

SHA1
1e19def262a902c79eb6188aa255d355039c9d20

SHA256
34be39343d13792e68531b393ce368ceef3d911413eb74db6c3f20ac321aa869

SHA512
5b642cc602181a704166bd4d79f3e53a68ac7775bed1a42164d7b72d113ee04ac1fb9fe2aa7dedc02649b252f81c829ea225909989812aaa373c5cd992df7bba

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\rfusclient.exe

Filesize
5.1MB

MD5
03aa072ef43afdedeaae999cf0eac032

SHA1
14c94a9f00d85e25501518ee3e9856c620a83baa

SHA256
ac1098188890de95d8a2bce1dd48de5e69f7ee4d12fe48d1ed2b631a2cc2334a

SHA512
13308d7d56993b45dc9b410ec8a4447afc0f22ba6ee54574e5347624ad29466bd203eba974381628a69643c79c2856ea1b02350a8b0270524dbdd1c2a3f58a8a

Download Submit
memory/844-113-0x0000000000400000-0x000000000099E000-memory.dmp

Filesize
5.6MB

Download
memory/940-130-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/940-124-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/940-132-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/940-136-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/940-142-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/940-147-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/940-153-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download
memory/2148-125-0x0000000000400000-0x000000000099E000-memory.dmp

Filesize
5.6MB

Download
memory/2148-128-0x0000000000400000-0x000000000099E000-memory.dmp

Filesize
5.6MB

Download
memory/2148-131-0x0000000000400000-0x000000000099E000-memory.dmp

Filesize
5.6MB

Download
memory/2392-106-0x0000000000400000-0x000000000099E000-memory.dmp

Filesize
5.6MB

Download
memory/2632-115-0x0000000000400000-0x0000000000CCD000-memory.dmp

Filesize
8.8MB

Download