- Jul 27, 2015
- 5,458
" Execution Parents " if not digital signed etc normally tells the story of malicious altered/created. Pretty sure non of those was accessible/downloaded from the main site.
Rufus 3.8 | Infected with malware?
- Thread starter RoboMan
- Start date
- Status
Wow! I just used this myself but it was clean. Would you consider to submit a query to the developer if the mystery remains unsolved? An email link is located under the FAQ box.
I'm VERY interested in the outcome.
Rufus - The Official Website (Download, New Releases)
Rufus is a small application that creates bootable USB drives, which can then be used to install or run Microsoft Windows, Linux or DOS. In just a few minutes, and with very few clicks, Rufus can help you run a new Operating System on your computer...
rufus.ie
I'm VERY interested in the outcome.
- Jul 27, 2015
- 5,458
Considering the extrem low detection on VT, personal if curious enough I would simply submit the file direct to a few major AV vendors.
I could be wrong but, I doubt they would report back anything else then a FP ( false positive ).
I could be wrong but, I doubt they would report back anything else then a FP ( false positive ).
- Oct 1, 2019
- 1,120
Because it is packed or stripped in a way 99% of malware does?
- Aug 17, 2014
- 11,256
AnyRun isn't always right about "really" malicious activity/behavior of files, for example below:
app.any.run
Analysis Windscribe.exe (MD5: 1F63FAD0B2077B4807CD29D08F0D7317) Malicious activity - Interactive analysis ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
app.any.run
What does “execution parents” actually indicate on VT?
I downloaded the same Rufus binary and saw no evidence of it containing or executing any of the other referenced executables. I do agree the parents all seem actually malicious but this almost sounds like the parents are other binaries that VT have analyzed that happen to be malicious, and they happen to launch Rufus as part of the evil work they do.
All the other analysis looks like FP’s.... Rufus’s code for formatting external USBs makes it look inherently suspicious since it’s a double whammy of manipulating external drives and being able to make bootable things like root kits. They are hosted on CDNs that also are used by malware.
I downloaded the same Rufus binary and saw no evidence of it containing or executing any of the other referenced executables. I do agree the parents all seem actually malicious but this almost sounds like the parents are other binaries that VT have analyzed that happen to be malicious, and they happen to launch Rufus as part of the evil work they do.
All the other analysis looks like FP’s.... Rufus’s code for formatting external USBs makes it look inherently suspicious since it’s a double whammy of manipulating external drives and being able to make bootable things like root kits. They are hosted on CDNs that also are used by malware.
- Jun 24, 2016
- 2,487
Yes, you may be right. Still, the mystery remains: why on earth modify this key?AnyRun isn't always right about "really" malicious activity/behavior of files, for example below:
Analysis Windscribe.exe (MD5: 1F63FAD0B2077B4807CD29D08F0D7317) Malicious activity - Interactive analysis ANY.RUN
Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.
View attachment 228057
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1FF61BDF-5074-4284-B85A-81C9C5A68D21}Machine\Software\Policies\Microsoft\Windows Defender
And change AntiSpyware to disabled?
I agree this was the very first thing I thought and asked everybody here in this forum.
I wanna clarify I do not intend to be right about anything said here, I just dropped what seemed to be suspicious hoping we can all come to a conclusion.
EDIT: Is anyone able to test the file in a VM with Windows Defender and check via gpedit if the antispyware key was set to disabled?
Tried this in a Windows VM then on a bare metal test machine. Rufus tries to disable autorun using group policies (NoDriveTypeAutorun). It tries to disable this at the beginning of time and restores it to its previous setting on the exit path.
It also performs a bit of testing to see if Controlled Folder Access (Windows Defender antiransomware) is enabled by default (this is via PowerShell). I don't see any references to it trying to change the antispyware key, and the binary itself is not particularly obfuscated.... Note that all the source code is also available at pbatard/rufus and you can inspect the SetLGP() function's source code.
So yeah it seems like it does some stuff that an analysis tool might find suspicious but it seems to do so with decent intentions. As far as the sandbox analysis, my best guess would be that the sandbox environment disables Windows Defender in order to not have it interfere with malware analysis. And the Rufus code to disable autorun via Group Policy interacts badly with that, and causes them to flag it as Rufus turning off Windows Defender.
EDIT: I should mention, the binary downloaded from their website is UPX-packed. Not evil by nature but that usually does cause malware analysis tools to be suspicious.
Last edited:
Exciting/interesting development:
I unpacked Rufus 3.8 (using upx -d) and repacked it at a different compression level. That alone triggered a few behavior blockers:
F-Secure: "W32/Malware!DeepGuard!pg" : Blocked before Rufus even has a chance to request elevated privileges
Emsisoft: "Suspicious behavior SystemPolicies": Blocked after Rufus already asked for elevated privileges and I approved
Norton Internet Security on aggressive heuristics: Nothing
Not surprisingly, the act of poking around group policies is suspicious. I suspect most AV programs explicitly whitelist Rufus as good.
It is very interesting though that F-Secure flagged this binary on execution before it even started doing anything. F-Secure doesn't flag it on static scan though. Note their documentation for DeepGuard says:
Repacked Rufus on VT: VirusTotal
I unpacked Rufus 3.8 (using upx -d) and repacked it at a different compression level. That alone triggered a few behavior blockers:
F-Secure: "W32/Malware!DeepGuard!pg" : Blocked before Rufus even has a chance to request elevated privileges
Emsisoft: "Suspicious behavior SystemPolicies": Blocked after Rufus already asked for elevated privileges and I approved
Norton Internet Security on aggressive heuristics: Nothing
Not surprisingly, the act of poking around group policies is suspicious. I suspect most AV programs explicitly whitelist Rufus as good.
It is very interesting though that F-Secure flagged this binary on execution before it even started doing anything. F-Secure doesn't flag it on static scan though. Note their documentation for DeepGuard says:
Repacked Rufus on VT: VirusTotal
Last edited:
- May 27, 2013
- 340
4:19:58 Starting Install Tracker service...
14:19:58 Service version: 0x105
14:19:58 Starting 'rufus-3.8.exe'...
14:19:58 Installation monitor started
14:19:58 Create File C:\Users\a\AppData\Local\Temp\Ruf7BED.tmp
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}User
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput\[@]AllowLinguisticDataCollection
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization\[@]AllowInputPersonalization
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitTextCollection
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitInkCollection
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Internet Explorer
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Internet Explorer\SQM
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Internet Explorer\SQM\[@]DisableCustomerImprovementProgram
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Messenger
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Messenger\Client
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Messenger\Client\[@]CEIP
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SearchCompanion
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SearchCompanion\[@]DisableContentFileUpdates
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SQMClient
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SQMClient\Windows
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SQMClient\Windows\[@]CEIPEnable
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo\[@]DisabledByGroupPolicy
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppCompat
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableUAR
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableInventory
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessAccountInfo
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCalendar
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCallHistory
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessContacts
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessEmail
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessGazeInput
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessLocation
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessMessaging
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessNotifications
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessPhone
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessRadios
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTasks
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTrustedDevices
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsGetDiagnosticInfo
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsRunInBackground
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsSyncWithDevices
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoice
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoiceAboveLock
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\CloudContent
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\CloudContent\[@]DisableWindowsConsumerFeatures
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\DataCollection
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowTelemetry
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowDeviceNameInTelemetry
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\OneDrive
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\OneDrive\[@]DisableFileSyncNGSC
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\[@]DisableQueryRemoteServer
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\SettingSync
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\SettingSync\[@]DisableSettingSync
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]PublishUserActivities
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]UploadUserActivities
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]EnableActivityFeed
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]AllowCrossDeviceClipboard
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\WDI
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\[@]ScenarioExecutionEnabled
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting\[@]Disabled
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Search
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowCortana
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowSearchToUseLocation
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\[@]NoDriveTypeAutorun
14:19:58 Create File C:\Windows\SysWOW64\rufus.ini~
14:19:58 Create File C:\Windows\SysWOW64\rufus.ini~
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}User
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\[@]NoDriveTypeAutorun
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput\[@]AllowLinguisticDataCollection
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization\[@]AllowInputPersonalization
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitTextCollection
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitInkCollection
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Internet Explorer
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Internet Explorer\SQM
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Internet Explorer\SQM\[@]DisableCustomerImprovementProgram
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Messenger
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Messenger\Client
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Messenger\Client\[@]CEIP
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SearchCompanion
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SearchCompanion\[@]DisableContentFileUpdates
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SQMClient
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SQMClient\Windows
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SQMClient\Windows\[@]CEIPEnable
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo\[@]DisabledByGroupPolicy
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppCompat
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableUAR
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableInventory
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessAccountInfo
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCalendar
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCallHistory
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessContacts
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessEmail
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessGazeInput
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessLocation
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessMessaging
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessNotifications
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessPhone
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessRadios
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTasks
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTrustedDevices
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsGetDiagnosticInfo
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsRunInBackground
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsSyncWithDevices
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoice
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoiceAboveLock
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\CloudContent
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\CloudContent\[@]DisableWindowsConsumerFeatures
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\DataCollection
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowTelemetry
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowDeviceNameInTelemetry
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\OneDrive
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\OneDrive\[@]DisableFileSyncNGSC
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\[@]DisableQueryRemoteServer
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\SettingSync
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\SettingSync\[@]DisableSettingSync
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]PublishUserActivities
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]UploadUserActivities
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]EnableActivityFeed
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]AllowCrossDeviceClipboard
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\WDI
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\[@]ScenarioExecutionEnabled
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting\[@]Disabled
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Search
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowCortana
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowSearchToUseLocation
14:20:12 Process Killed C:\Users\a\Downloads\rufus-3.8.exe
14:20:12 All installation processes are finished
14:20:12 Setup is completed
14:20:12 Tracking service is stopped
14:20:12 Analyzing installation, please wait...
14:20:13 0 installation entries detected
14:19:58 Service version: 0x105
14:19:58 Starting 'rufus-3.8.exe'...
14:19:58 Installation monitor started
14:19:58 Create File C:\Users\a\AppData\Local\Temp\Ruf7BED.tmp
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}User
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput\[@]AllowLinguisticDataCollection
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization\[@]AllowInputPersonalization
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitTextCollection
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitInkCollection
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Internet Explorer
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Internet Explorer\SQM
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Internet Explorer\SQM\[@]DisableCustomerImprovementProgram
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Messenger
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Messenger\Client
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Messenger\Client\[@]CEIP
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SearchCompanion
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SearchCompanion\[@]DisableContentFileUpdates
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SQMClient
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SQMClient\Windows
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\SQMClient\Windows\[@]CEIPEnable
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo\[@]DisabledByGroupPolicy
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppCompat
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableUAR
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableInventory
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessAccountInfo
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCalendar
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCallHistory
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessContacts
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessEmail
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessGazeInput
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessLocation
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessMessaging
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessNotifications
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessPhone
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessRadios
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTasks
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTrustedDevices
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsGetDiagnosticInfo
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsRunInBackground
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsSyncWithDevices
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoice
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoiceAboveLock
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\CloudContent
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\CloudContent\[@]DisableWindowsConsumerFeatures
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\DataCollection
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowTelemetry
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowDeviceNameInTelemetry
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\OneDrive
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\OneDrive\[@]DisableFileSyncNGSC
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\[@]DisableQueryRemoteServer
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\SettingSync
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\SettingSync\[@]DisableSettingSync
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]PublishUserActivities
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]UploadUserActivities
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]EnableActivityFeed
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\System\[@]AllowCrossDeviceClipboard
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\WDI
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\[@]ScenarioExecutionEnabled
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting\[@]Disabled
14:19:58 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Search
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowCortana
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowSearchToUseLocation
14:19:58 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{806750EC-501E-4A31-8325-39A7D4B95562}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\[@]NoDriveTypeAutorun
14:19:58 Create File C:\Windows\SysWOW64\rufus.ini~
14:19:58 Create File C:\Windows\SysWOW64\rufus.ini~
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}User
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\[@]NoDriveTypeAutorun
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\TextInput\[@]AllowLinguisticDataCollection
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization\[@]AllowInputPersonalization
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitTextCollection
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\InputPersonalization\[@]RestrictImplicitInkCollection
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Internet Explorer
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Internet Explorer\SQM
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Internet Explorer\SQM\[@]DisableCustomerImprovementProgram
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Messenger
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Messenger\Client
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Messenger\Client\[@]CEIP
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SearchCompanion
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SearchCompanion\[@]DisableContentFileUpdates
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SQMClient
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SQMClient\Windows
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\SQMClient\Windows\[@]CEIPEnable
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AdvertisingInfo\[@]DisabledByGroupPolicy
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppCompat
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableUAR
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppCompat\[@]DisableInventory
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessAccountInfo
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCalendar
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessCallHistory
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessContacts
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessEmail
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessGazeInput
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessLocation
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessMessaging
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessNotifications
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessPhone
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessRadios
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTasks
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsAccessTrustedDevices
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsGetDiagnosticInfo
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsRunInBackground
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsSyncWithDevices
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoice
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\AppPrivacy\[@]LetAppsActivateWithVoiceAboveLock
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\CloudContent
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\CloudContent\[@]DisableWindowsConsumerFeatures
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\DataCollection
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowTelemetry
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\DataCollection\[@]AllowDeviceNameInTelemetry
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\OneDrive
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\OneDrive\[@]DisableFileSyncNGSC
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\[@]DisableQueryRemoteServer
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\SettingSync
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\SettingSync\[@]DisableSettingSync
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]PublishUserActivities
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]UploadUserActivities
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]EnableActivityFeed
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\System\[@]AllowCrossDeviceClipboard
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\WDI
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\[@]ScenarioExecutionEnabled
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Error Reporting\[@]Disabled
14:20:10 Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Search
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowCortana
14:20:10 Set Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{3A3FF7BE-32C4-4C8E-A589-09B461E68107}Machine\Software\Policies\Microsoft\Windows\Windows Search\[@]AllowSearchToUseLocation
14:20:12 Process Killed C:\Users\a\Downloads\rufus-3.8.exe
14:20:12 All installation processes are finished
14:20:12 Setup is completed
14:20:12 Tracking service is stopped
14:20:12 Analyzing installation, please wait...
14:20:13 0 installation entries detected
Last edited by a moderator:
Interesting! Looks like attempting to set one key via that API also results in all of the default values being populated into the registry as well?
Looking at the code there does seem to be a Rufus.ini setting you can set to bypass the group policy Autorun disable. Not sure it’s worthwhile though.
This has been an excellent demonstration of the role of cloud whitelisting by file hash for behavior blockers... this kind of behavior is absolutely one I would expect a good BB to flag as suspicious. And this app is one that I would expect a low FP BB to whitelist.
Akeo
New Member
- Jul 13, 2012
- 2
Rufus developer here. I've only found this thread now, but I feel the need to respond to it.
MacDefender's analysis is pretty much spot on. We ask Windows (thought Group Policies, because this is what Microsoft recommends rather than poking the registry directly) to temporarily disable autorun, so that users don't get pestered with a "What do you want to do with this drive" every time they plug a drive.
With regards to Controlled Access Folder, we need to detect this, because if Controlled Access Folder is enabled, you can't repartition or format an USB drive, so rather than let a user ponder why this doesn't work, we'd rather tell them explicitly that this is because Controlled Access is enabled, and that, if they want to use Rufus, they need to disable it, at least temporarily.
I'm also seeing puzzlement at VirusTotal indicating that there exists a parent that is riddled with malware, but then you have to understand what the parent-child relationship means as far as VirusTotal is concerned: it means that the child executable was once found in a parent executable.
This means that someone can pretty much take any legitimate application (e.g. notepad.exe), embed it in a executable that extracts & run it (so that it appears like the real deal) while performing some more nefarious activities, and you will have VirusTotal report that they have a parent for Microsoft's genuine notepad.exe that is completely malicious.
In other words, it's not because you see an infected parent that it means that the child application is malware. With the success of Rufus, some less than respectable people have been trying to create executable packages that embed the official version of Rufus, along with some malware, and tried to make it look as if it was the official version. So of course, this crap gets detected by AntiVirus software, and you get a parentage relationship from the official Rufus, even as the latter is clean.
I also have to say that there has yet to be a release of Rufus that hasn't seen false positives, which is rather annoying, but I guess that's what you get from trying to do advanced stuff in order to help your users, rather than limit yourself to displaying a nice bunch of colours in a limited userspace corner, which apparently is what the lesser AntiVirus solution seem to expect all applications to do... Right now, it seems some Malware analysis tools have found nothing better than declare Rufus as adware, which I suspect might have to do with us creating a rufus.com (which is a domain we neither own or have anything to do with, since the only official domain is rufus.ie) application for commandline users, in order to work around Microsoft's super sucky behaviours when it comes to satisfying both GUI and console users.
Oh, and since I'm here, I'm not gonna pass an opportunity to point people who might be interested in the various security steps we are taking to ensure that you can trust the official Rufus download not to do something malicious behind your back at having a look at our Security Page.
MacDefender's analysis is pretty much spot on. We ask Windows (thought Group Policies, because this is what Microsoft recommends rather than poking the registry directly) to temporarily disable autorun, so that users don't get pestered with a "What do you want to do with this drive" every time they plug a drive.
With regards to Controlled Access Folder, we need to detect this, because if Controlled Access Folder is enabled, you can't repartition or format an USB drive, so rather than let a user ponder why this doesn't work, we'd rather tell them explicitly that this is because Controlled Access is enabled, and that, if they want to use Rufus, they need to disable it, at least temporarily.
I'm also seeing puzzlement at VirusTotal indicating that there exists a parent that is riddled with malware, but then you have to understand what the parent-child relationship means as far as VirusTotal is concerned: it means that the child executable was once found in a parent executable.
This means that someone can pretty much take any legitimate application (e.g. notepad.exe), embed it in a executable that extracts & run it (so that it appears like the real deal) while performing some more nefarious activities, and you will have VirusTotal report that they have a parent for Microsoft's genuine notepad.exe that is completely malicious.
In other words, it's not because you see an infected parent that it means that the child application is malware. With the success of Rufus, some less than respectable people have been trying to create executable packages that embed the official version of Rufus, along with some malware, and tried to make it look as if it was the official version. So of course, this crap gets detected by AntiVirus software, and you get a parentage relationship from the official Rufus, even as the latter is clean.
I also have to say that there has yet to be a release of Rufus that hasn't seen false positives, which is rather annoying, but I guess that's what you get from trying to do advanced stuff in order to help your users, rather than limit yourself to displaying a nice bunch of colours in a limited userspace corner, which apparently is what the lesser AntiVirus solution seem to expect all applications to do... Right now, it seems some Malware analysis tools have found nothing better than declare Rufus as adware, which I suspect might have to do with us creating a rufus.com (which is a domain we neither own or have anything to do with, since the only official domain is rufus.ie) application for commandline users, in order to work around Microsoft's super sucky behaviours when it comes to satisfying both GUI and console users.
Oh, and since I'm here, I'm not gonna pass an opportunity to point people who might be interested in the various security steps we are taking to ensure that you can trust the official Rufus download not to do something malicious behind your back at having a look at our Security Page.
ednsinf
New Member
- Aug 19, 2021
- 1
- Jul 27, 2015
- 5,458
- Status
Similar threads
